Reporting of Security Issues, 22625-22630 [2011-9629]

Agencies

• DEPARTMENT OF HOMELAND SECURITY
• Transportation Security Administration

[Federal Register Volume 76, Number 78 (Friday, April 22, 2011)]
[Rules and Regulations]
[Pages 22625-22630]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2011-9629]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Transportation Security Administration

49 CFR Part 1503

[Docket No. TSA-2009-0014; Amendment No. 1503-4]
RIN 1652-AA66


Reporting of Security Issues

AGENCY: Transportation Security Administration, DHS.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: The Transportation Security Administration (TSA) is adding 
procedures by which any person will receive a receipt for reporting a 
problem, deficiency, or vulnerability related to transportation 
security, including the security of aviation, maritime, railroad, motor 
carrier vehicle, or pipeline transportation, or any mode of public 
transportation, such as mass transit, in accordance with the 
``Implementing Recommendations of the 9/11 Commission Act of 2007'' (9/
11 Act).

DATES: Effective May 23, 2011.

FOR FURTHER INFORMATION CONTACT: Traci Klemm, Office of Chief Counsel, 
TSA-2, Transportation Security Administration, 601 South 12th Street, 
Arlington, VA 20598-6002; telephone (571) 227-3596; facsimile (571) 
227-1380; e-mail traci.klemm@dhs.gov.

SUPPLEMENTARY INFORMATION:

Availability of Rulemaking Document

    You can get an electronic copy using the Internet by--
    (1) Searching the electronic Federal Docket Management System 
(FDMS) Web page at https://www.regulations.gov;
    (2) Accessing the Government Printing Office's Web page at https://www.gpoaccess.gov/fr/; or
    (3) Visiting TSA's Security Regulations Web page at https://www.tsa.gov and accessing the link for ``Research Center'' at the top 
of the page.
    In addition, copies are available by writing or calling the person 
in the FOR FURTHER INFORMATION CONTACT section. Make sure to identify 
the docket number of this rulemaking.

Small Entity Inquiries

    The Small Business Regulatory Enforcement Fairness Act (SBREFA) of 
1996 requires TSA to comply with small entity requests for information 
and advice about compliance with statutes and regulations within TSA's 
jurisdiction. Any small entity that has a question regarding this 
document may contact the person listed in FOR FURTHER INFORMATION 
CONTACT. Persons can obtain further information regarding SBREFA on the 
Small Business Administration's Web page at https://www.sba.gov/advo/laws/law_lib.html.

Background

    In the immediate aftermath of the events on September 11, 2001, the 
Federal Aviation Administration (FAA) established a task force to 
respond to the large volume of incoming phone calls, e-mails, and 
letters from the public. On June 1, 2002, the Transportation Security 
Administration (TSA) assumed responsibility for this response to the 
public, creating what is now known as the TSA Contact Center (TCC). The 
TCC is a widely-publicized open line for the public to contact TSA. As 
such, it has also provided a mechanism through which TSA may receive 
information about potential threats to transportation security from 
both well-meaning persons and those with harmful intent.
    In December 2004, TCC availability was expanded to 24 hours a day, 
7 days a week, 365 days per year, primarily to ensure continuous review 
for threat-related contacts. The current process for public reporting 
of potential security violations, threat information or criminal 
activities, vulnerabilities and intelligence was put in place after the 
DHS Office of Inspector General assessed the Agency's actions to 
improve the handling of threat and non-threat communications following 
an incident where a college student was testing security.\1\
---------------------------------------------------------------------------

    \1\ See unclassified summary at: https://www.dhs.gov/xoig/assets/mgmtrpts/OIG_05-51_Sep05.pdf.
---------------------------------------------------------------------------

    TSA also has ongoing initiatives within the various transportation 
modes, such as the General Aviation Secure Program, that includes 
hotline numbers to alert TSA of security concerns.\2\ Information from 
these reporting options, along with reports of other security incidents 
and concerns required by various TSA regulations, is received and 
processed by the same analytical components of TSA. Through

[[Page 22626]]

the Transportation Security Operations Center (TSOC) and other TSA 
components, information is also routinely passed to TSA's partners for 
appropriate response.
---------------------------------------------------------------------------

    \2\ See https://www.tsa.gov/what_we_do/tsnm/general_aviation/programs_sp.shtm#general_aviation for more information on the 
General Aviation Secure Program.
---------------------------------------------------------------------------

    The ``Implementing Recommendations of the 9/11 Commission Act'' (9/
11 Act) requires the Secretary of Homeland Security to establish, by 
regulation, a process for any person to report transportation-related 
security problems, deficiencies, or vulnerabilities and promptly 
receive an acknowledging receipt for their report.\3\ This requirement 
is included in provisions to protect transportation-sector employees 
from discrimination or other retaliation for reporting or preventing 
violations of Federal laws related to transportation safety or 
security.\4\
---------------------------------------------------------------------------

    \3\ Public Law 110-53, 121 Stat. 266 (August 3, 2007), sections 
1413(i) (public transportation), 1521(i) (railroad carriers), and 
1536(i) (commercial motor vehicles); these sections are codified in 
the United States Code at 6 U.S.C. 1142, 49 U.S.C. 20109, and 49 
U.S.C. 31105, respectively. Future references will be to the 
codified sections.
    \4\ Id.
---------------------------------------------------------------------------

Summary of the Rule

    This rule, which implements the 9/11 requirements, establishes the 
process for any person \5\ to receive a receipt for making a report to 
TSA regarding any transportation-related security problem, deficiency, 
or vulnerability. This mechanism to receive a receipt for reports 
applies to all modes of transportation, including aviation, commercial 
motor vehicle, maritime, pipeline, public transportation, and railroad 
transportation.
---------------------------------------------------------------------------

    \5\ For purpose of TSA regulations, ``person'' is defined in 49 
CFR 1500.3.
---------------------------------------------------------------------------

    In Sec.  1503.3(a) of the rule, TSA designates the addresses and a 
telephone number that a person must use in order to obtain a receipt 
for their report. In order to obtain a receipt, the person must use one 
of these reporting mechanisms and provide valid contact information.
    Paragraph (b) indicates how TSA will provide a receipt 
acknowledging the report. Reports submitted by mail or through the 
Internet will receive written confirmation. Internet receipts will 
include the content of the report. Reports submitted by phone will 
receive a call identifier number. The call identifier number is linked 
to a copy of the information as recorded by TSA, which will be 
maintained according to TSA's record retention schedules (currently, 
these records are scheduled to be retained by TSOC for two years). To 
receive a written copy of the report, the person will need to contact 
TSA at the address identified in the rule within two years of their 
call and request a paper copy.
    Paragraph (c) reiterates TSA's commitment to review and consider 
all information received and to take appropriate steps.
    Paragraph (d) clarifies that a report made voluntarily under this 
subpart will not satisfy any separate legal obligation of any person to 
report information to TSA or any other Government agency under any 
other law. Operators must comply with those provisions regardless of 
whether a report has been submitted through the new part 1503 
procedures.
    Finally, paragraph (e) is a reminder that these reporting 
mechanisms are not to be used for reporting immediate or emergency 
security or safety concerns. These concerns should be immediately 
reported to the appropriate emergency services operator, such as by 
calling 911. Alleged waste, fraud, and abuse in TSA programs should be 
reported to the Department of Homeland Security Inspector General: 
(800) 323-8603, or DHSOIGHOTLINE@dhs.gov.

Authorities

    As previously discussed, the 9/11 Act requires DHS to issue this 
regulation for transportation security-related reports affecting public 
transportation, rail, and motor carriers. TSA has determined that the 
security benefits of receiving these reports applies to modes of 
transportation not enumerated in the statute: Aviation, maritime, and 
pipeline.
    Aspects of this rule not required by the 9/11 Act are supported by 
TSA's statutory authority to enhance security for all modes of 
transportation.\6\ TSA has broad regulatory authority and may issue, 
rescind, and revise such regulations as are necessary to carry out its 
transportation security functions.\7\
---------------------------------------------------------------------------

    \6\ See 49 U.S.C. 114(d). The TSA Administrator's current 
authorities under ATSA have been delegated to him by the Secretary 
of Homeland Security. Section 403(2) of the Homeland Security Act 
(HSA) of 2002, Public Law 107-296, 116 Stat. 2315 (Nov. 25, 2002), 
transferred all functions of TSA, including those of the Secretary 
of Transportation and the Under Secretary of Transportation of 
Security related to TSA, to the Secretary of Homeland Security. 
Pursuant to DHS Delegation Number 7060.2, the Secretary of Homeland 
Security delegated to the Administrator, subject to the Secretary's 
guidance and control, the authority vested in the Secretary with 
respect to TSA, including that in sec. 403(2) of the HSA.
    \7\ 49 U.S.C. 114(l)(1).
---------------------------------------------------------------------------

Changes From the Notice of Proposed Rulemaking (NPRM)

    This final rule adopts the regulations proposed in the NPRM \8\ 
with minor revisions. A scope provision has been added. Addresses for 
providing reports by mail, through the Internet, or by phone have been 
added to 49 CFR part 1503. Information on how to obtain a receipt has 
also been provided. This preamble does not address technical 
corrections or corrected typographical errors.
---------------------------------------------------------------------------

    \8\ Published in the Federal Register on August 26, 2009 (74 FR 
43088).
---------------------------------------------------------------------------

    While the text of the rule has not been significantly altered since 
the NPRM, the costs estimated for this regulation have been 
significantly lowered. At the time that the NPRM was published, TSA 
intended to extensively publicize the reporting mechanism for use by 
the general public to report any transportation-related security 
concern. The costs in the NPRM reflected that assumption. Since that 
time, however, DHS has launched the ``See Something, Say Something'' 
campaign.
    The ``See Something, Say Something'' campaign is part of DHS's 
commitment to promoting a vigilant citizenry that actively participates 
in protecting national security. In her September 2010 speech to first 
responders at the NYC Emergency Operations Center, Secretary Napolitano 
noted in her prepared remarks: ``Recall that it was a New York street 
vendor who tipped off a policeman about the bombing attempt in Times 
Square. It was a group of passengers on Flight 253 who intervened to 
stop the bombing attempt on Christmas Day.'' She then continued, 
``Making individuals and citizens better informed and empowered is 
crucial, and DHS has therefore launched, and is expanding, a national 
campaign around a slogan you probably know well: `If You See Something, 
Say Something.' '' The purpose of the campaign, as stated by the 
Secretary, is to raise ``awareness of potential terrorist tactics, and 
emphasizing the importance of reporting suspicious activity to law 
enforcement.''
    The implementation of that campaign has changed TSA's assumptions 
regarding how the mechanisms required by the 9/11 Act are likely to be 
used. Where the NPRM estimated costs based on the most currently 
available number of all security-related calls to the Contact Center 
and then increased that amount based on additional publicity, TSA now 
assumes that most reports under this rule will be made by a subset of 
the individuals who contact TSA with security concerns, primarily made 
up of employees within the transportation sector seeking a reporting 
mechanism that will provide them with documentation of their report in 
the event they may need it in the future. This results in far fewer 
estimated reports resulting from the mechanisms

[[Page 22627]]

under this final rule than estimated in the NPRM.
    As a result, the estimated costs have been significantly reduced 
from those provided in the NPRM. This specifically relates to estimates 
for the number of reports received and the TSA costs for processing 
those reports. In addition, TSA has developed new automated mechanisms 
for providing receipts to persons who report security concerns through 
e-mail; all security-related reports, regardless of whether they are 
being made as a result of this rule or for other reasons, will 
automatically receive an e-mail receipt. This substantially reduces the 
potential costs for TSA.

Public Comments on the NPRM

    The public comment period for the NPRM closed on October 26, 2009. 
TSA received two public comments, from a commercial airline and a trade 
association representing members of the aviation industry. TSA 
addresses these comments below.

Including the Aviation Industry

    Comments: One commenter objected to including the aviation industry 
in the scope of this rule because this sector is already highly 
regulated and required to report suspicious activities and events. As 
part of these requirements, they assert that knowledgeable employees 
report deficiencies, incidents, and vulnerabilities. They question 
whether untrained persons will be able to ``identify true 
vulnerabilities within commercial aviation without the understanding or 
comprehension of our security programs?''
    TSA Response: This rule does not create a reporting requirement; it 
provides a voluntary reporting and receipt mechanism. Therefore, it is 
neither imposing an additional regulatory burden upon the industry nor 
duplicating the requirements for air carriers or other owner/operators 
to report security incidents and events. It is intended to provide a 
mechanism for anyone reporting transportation-related security 
problems, deficiencies, and vulnerabilities to obtain a receipt of 
their report. TSA is not limiting the scope for who can benefit from 
this mechanism, recognizing that transportation employees and members 
of the general public are capable of identifying things that are out of 
the ordinary. TSA will evaluate the information and determine whether 
further investigation or validation is necessary and by whom.
    While the language regarding the reporting and receipt mechanism is 
inclusive, referencing ``any person,'' \9\ we note that the requirement 
for TSA to develop this mechanism is contained in statutory provisions 
that are focused on providing protections for surface transportation 
employees who report concerns to authorities and are subsequently 
subject to retaliation, discharge, or discrimination.\10\ The 9/11 Act 
can be seen as an extension of these protections previously enacted for 
aviation employees.\11\ The processes set forth in this rule provide 
all transportation-related employees with the ability to obtain a 
receipt for reports.
---------------------------------------------------------------------------

    \9\ 6 U.S.C. 1142(i), 49 U.S.C. 20109(i), and 49 U.S.C. 
31105(i).
    \10\ 6 U.S.C. 1142, 49 U.S.C. 20109, and 49 U.S.C. 31105.
    \11\ See 49 U.S.C. 42121.
---------------------------------------------------------------------------

TSA Rewards Program

    Comments: As noted in the preamble of the NPRM,\12\ TSA is in the 
process of developing a program to confer monetary or other recognition 
on persons who provide valuable information to TSA about criminal acts 
or other violations relating to transportation security. One commenter 
raised questions regarding how TSA is planning to administer a rewards 
program for persons who provide valuable information related to 
transportation security.
---------------------------------------------------------------------------

    \12\ See 74 FR 43090 (August 26, 2009).
---------------------------------------------------------------------------

    TSA Response: The rewards program is still under development. Any 
information regarding implementation of a rewards program by TSA will 
be contained in other documents when appropriate.

Costs of the Rule

    Comments: One commenter asserted that implementation of this rule 
will cost the taxpayers $1,000,000 annually and provide no benefit. 
They asserted the ``traveling consumer should not bear the monetary 
burden of this program.''
    TSA response: Costs for implementing this statutorily-required rule 
have been revised and are discussed in Economic Impact Analyses section 
of this preamble. TSA disagrees that there is no benefit from providing 
this mechanism. It is important for the public, travelers, and 
employees to remain vigilant and play an active role in keeping the 
country's transportation network, and the people who rely on it, safe 
and secure. Similar to the ``If You See Something, Say Something'' 
campaign originally implemented by New York City's Metropolitan Transit 
Authority, it is important to raise awareness and ensure reporting of 
vulnerabilities and weaknesses in security measures that could make the 
transportation sector a weak target for terrorists and others with 
malicious intent.

Coordination With the ``General Aviation Hotline'' Program

    Comments: One commenter urged TSA to ensure that the processes 
identified in this rule complement the existing ``General Aviation 
Hotline'' program. They state that this program is well known within 
the general aviation industry and is part of an ongoing effort to 
develop a more comprehensive reporting for aviation security.
    TSA response: The mechanism created by this rule complements the 
General Aviation Hotline program. The General Aviation Hotline program, 
also known as the General Aviation Secure Program, was developed by 
TSA's Office of Transportation Sector Network Management (TSNM) General 
Aviation Division by working with the industry and community to build 
upon the Airport Watch program, encouraging everyone to be vigilant 
about General Aviation security and report any unusual activities to 
TSA. Now seen in the context of the Department of Homeland Security's 
broader ``See Something, Say Something Campaign,'' the program includes 
a number where suspicions regarding operations can be reported, such as 
pilots appearing to be under the control of others, unfamiliar persons 
loitering around the field, suspicious aircraft lease or rental 
requests, anyone making threats, and unusual, suspicious activities or 
circumstances. Information from reports made by persons under this rule 
will be processed and analyzed through the same TSA component as 
information received through the General Aviation program, providing 
TSA with a more comprehensive picture of threats and vulnerabilities to 
transportation security.

Paperwork Reduction Act

    The Paperwork Reduction Act of 1995 (PRA) (44 U.S.C. 3501, et seq.) 
requires that TSA consider the impact of paperwork and other 
information collection burdens imposed on the public and, under the 
provisions of PRA, 44 U.S.C. section 3507(d), obtain approval from the 
Office of Management and Budget (OMB) for each collection of 
information it conducts, sponsors, or requires through regulations. As 
protection provided by the Paperwork Reduction Act, as amended, an 
agency may not conduct or sponsor, and a person is not required to 
respond to, a collection of information unless it displays a currently 
valid OMB control number. TSA has determined there are no current or 
new information

[[Page 22628]]

collection requirements associated with this rule.

Economic Impact Analyses

Regulatory Evaluation

    Changes to Federal regulations must undergo several economic 
analyses. First, Executive Order (EO) 12866, Regulatory Planning and 
Review,\13\ directs each Federal agency to propose or adopt a 
regulation only upon a reasoned determination that the benefits of the 
intended regulation justify its costs. Second, the Regulatory 
Flexibility Act of 1980 (5 U.S.C. 601 et seq., as amended by the Small 
Business Regulatory Enforcement Fairness Act (SBREFA) of 1996) requires 
agencies to consider the economic impact of regulatory changes on small 
entities. Third, the Trade Agreements Act (19 U.S.C. 2531-2533) 
prohibits agencies from setting standards that create unnecessary 
obstacles to the foreign commerce of the United States. Fourth, the 
Unfunded Mandates Reform Act of 1995 (2 U.S.C. 1531-1538) requires 
agencies to prepare a written assessment of the costs, benefits, and 
other effects of proposed or final rules that include a Federal mandate 
likely to result in the expenditure by State, local, or Tribal 
governments, in the aggregate, or by the private sector, of $100 
million or more annually (adjusted for inflation).
---------------------------------------------------------------------------

    \13\ 58 FR 51735 (Oct. 4, 1993).
---------------------------------------------------------------------------

Executive Order 12866 Assessment

    In conducting these analyses, TSA determined:
    1. This rulemaking is not a ``significant regulatory action'' as 
defined in the Executive Order.
    2. This rulemaking will not have a significant economic impact on a 
substantial number of small entities.
    3. This rulemaking will not constitute a barrier to international 
trade.
    4. This rulemaking does not impose an unfunded mandate on State, 
local, or Tribal governments, or on the private sector.
    The basis for these conclusions is set forth below.

Costs

    This rule enhances the ability for any person to report to TSA--via 
regular mail, through the Internet, or telephone--security problems, 
deficiencies, or vulnerabilities related to aviation, maritime, 
railroad, motor vehicle, pipeline, or public transportation. As 
previously discussed, when TSA prepared its initial draft of this rule, 
it intended to extensively publicize the reporting mechanism for use by 
the general public to report any transportation-related security 
concern. The costs in the NPRM reflected that assumption. Since that 
time, however, DHS has developed the ``See Something, Say Something'' 
campaign. The implementation of that campaign has changed TSA's 
assumptions for how the reporting and receipt mechanisms required by 
the 9/11 Act are likely to be used.
    TSA now assumes that most reports under this rule will be made by a 
subset of the general population, primarily made up of employees within 
the transportation sector seeking a reporting mechanism that will 
provide them with documentation of their report in the event they may 
need it in the future. This results in far fewer estimated reports 
under this final rule than estimated in the NPRM. As a result, the 
estimated costs have been significantly reduced from those provided in 
the NPRM. This specifically relates to estimates for the number of 
reports received and the TSA costs for processing those reports. In 
addition, TSA has developed new automated mechanisms for providing 
receipts to persons who report security concerns through e-mail; all 
security-related reports, regardless of whether they are being made as 
a result of this rule or for other reasons, will automatically receive 
an e-mail receipt. Consistent with the estimates of the NPRM, TSA 
assumes that the costs associated with the operation of this reporting 
system will be incurred by TSA and the person making the report.
    TSA currently provides the public with the ability to communicate 
security concerns by contacting TSA's Contact Center (1-866-289-9673) 
or through the TSA Web site (https://www.tsa.gov), by clicking on the 
``Contact Us'' link at the top of the home page, clicking on the 
``Security Issues'' link, and submitting an online form describing the 
security-related issue (received by TSA as an e-mail). If someone 
misses that link and scrolls on down the page, there is another heading 
(``Security Violations and Concerns'') that provides an additional 
opportunity to submit a report.
    As a result of this rulemaking, the ``Security Violation and 
Concerns'' section of the site will include a hyperlink back to the 
``Security Issues'' form and the additional contact addresses 
identified in this rule. Therefore, this analysis of costs and benefits 
assumes that all Web-based reports under this rule will be through the 
``Security Issues'' form on TSA's Web site. As noted, the public will 
also be able to make reports by contacting TSA directly through a 
designated phone number or submitting a report through the mail to a 
designated address.
    There is no accurate method for gauging how many additional e-mail 
messages, telephone calls, and letters reporting transportation 
security concerns these changes to the Web site could generate. While 
estimating an accurate cost to the public of voluntarily reporting 
security concerns to TSA is difficult, one can use fiscal year (FY) 
2010 TSA Contact Center (TCC) data as a starting point to estimate the 
cost of potential scenarios. For this analysis, we assumed that the 
rule will incrementally expand the number of security-related telephone 
calls and e-mail messages TSA received in FY 2010 by 25 percent.
    In FY 2010, the TCC fielded 393 security-related telephone calls 
that could be categorized as reporting a transportation-related 
security problem, deficiency, or vulnerability. (While the TCC may 
receive many more calls that a person has self-selected to be 
``security-related,'' not all of those are within the scope of what is 
anticipated to be relevant to this rule.) These calls are addressed by 
security specialists who help determine whether the issue involves an 
issue related to transportation security or other complaints or 
concerns that the caller may have. They also determine whether the 
information provided will fit within the scope of the rule. Issues 
requiring action by TSA are routed to the appropriate TSA components. 
The security specialists also route information relevant to sister 
agencies to their designated points of contact. According to the TCC, 
the average telephone conversation involving a security specialist 
during FY 2010 lasted 3.25 minutes. For purposes of the NPRM, TSA 
estimated the calls would last approximately 4 minutes.\14\ However, 
the Transportation Security Operations Center (TSOC), which will start 
fielding these calls in FY 2011, assumes that calls from the public as 
a result of this rule will mostly come from a subset of callers who 
want a receipt acknowledging their call; processing these calls may 
require more detailed information than the average call. This primarily 
includes the information needed to provide the person with a receipt, 
which is not required for all calls received by TSOC. TSOC considers 
ten minutes to be a reasonable estimate for the length of such a call. 
If one projects that the public will place 98 additional calls (.25 x 
393) as a result of the rule (for the purposes of this analysis, TSA 
assumes that all of these

[[Page 22629]]

calls will be from individuals wanting a receipt and providing the 
necessary contact information), then the public would spend 980 minutes 
(98 calls at about 10 minutes per call) on the telephone with TSA. At 
$19.32 per hour,\15\ the total annual cost to the public for the 
additional telephone calls will be $316 ($19.32 per hour x 980 minutes/
60 minutes per hour).
---------------------------------------------------------------------------

    \14\ See 75 FR 43090.
    \15\ For purposes of this rulemaking, TSA uses the May 2009 
Bureau of Labor Statistics (BLS) mean hourly wage rate for all 
Transportation and Material Moving Occupations (SOC Code 53-0000), 
adjusted for inflation. To access this information, go to the 
following BLS Web sites: https://data.bls.gov/cgi-bin/print.pl/oes/2009/may/naics2_48-49.htm and https://www.bls.gov/cpi/cpid1012.pdf. 
The $19.00 mean hourly wage rate found at the first Web site is 
converted to 2010 dollars by multiplying it times 1.0168, the amount 
by which the Consumer Price Index for Urban Wage Earners and 
Clerical Workers (CPI-W) rose between 2009 and 2010 (215.262/211.703 
= 1.0168).
---------------------------------------------------------------------------

    To estimate the cost of contacting TSA electronically, this 
analysis used other data collected by the TCC as a starting point. In 
FY 2010 the TCC received 1,527 security-related e-mail messages from 
customers who logged onto the TSA Web site and used the links described 
above. TSA receives information submitted through the Web site in the 
form of an e-mail. As noted under the analysis for phone calls, the TCC 
may receive many more e-mails that a person has self-selected than are 
within the scope of what is anticipated to be relevant to this rule. 
The estimates reflect those e-mails that are relevant to the rule.
    If one assumes that TSA will receive an additional 382 e-mail 
messages (1,527 x .25) as a result of this rule and that the average e-
mail message will require thirty minutes to prepare, one can modify the 
value-of-time formula used to calculate the FY 2010 cost of security-
related telephonic reports to TSA to estimate the cost to the public of 
e-mailing its concerns: 382 e-mail messages x 30/60 hours per e-mail 
message x $19.32 per hour = $3,690. TSA has doubled the time estimate 
assumed in the NPRM due to the more detailed information one would 
expect to be provided; a person who is reporting a security 
vulnerability or deficiency is likely to have more information 
regarding security requirements that are not being followed.\16\ 
Because the receipt mechanism for persons making reports through TSA's 
Web site is automated, any person who reports through this mechanism 
will receive a receipt if they provide contact information.
---------------------------------------------------------------------------

    \16\ See 75 FR 43091.
---------------------------------------------------------------------------

    The rule will also allow the public to report transportation-
related security problems, deficiencies, and vulnerabilities by regular 
mail (the mailing address will be posted on the TSA Web site). As 
previously noted, TSA assumes the majority of persons contacting TSA by 
mail and requesting a receipt will be subset of the general population, 
primarily made up of employees within the transportation sector seeking 
a reporting mechanism that will provide them with documentation of 
their report in the event they may need it in the future. In addition, 
TSA also assumes that most persons will report by e-mail as they will 
be provided with a more comprehensive verification of their report as 
the automated e-mail will include the exact text that they submitted. 
As a result, the estimated costs have been significantly reduced from 
those provided in the NPRM. If one projects that this rule will 
generate 50 letters per year and that it takes the average letter 
writer 30 minutes to write a report and 15 minutes to mail it, the 
value of the public's time for this exercise equates to $725 (50 
letters x 45/60 hour per letter x $19.32 per hour). This increase in 
time from the NPRM is consistent with that for the other reporting 
mechanisms. When the cost of postage is included (50 letters x $.44 per 
stamp = $22), using regular mail to report transportation security-
related problems, deficiencies, and vulnerabilities to TSA will cost 
the public $747.
    The projected cost of the three modes of communication--$316 for 
telephone calls, $3,690 for Web-based communications, and $747 for 
regular mail--is $4,753. As reporting under this rule is voluntary, the 
public would assume this direct cost voluntarily; the cost is not 
imposed by this rule.
    In addition to this direct cost to the public, TSA will incur 
expenses in handling the increased volume of reports. Although it is 
not feasible to accurately establish the number of additional 
telephonic, e-mail, and regular mail reports this rule will generate, 
TSOC is prepared to dedicate one full time equivalent (FTE) employee 
(at an overall cost of $80,208 \17\ per year) to handle the increased 
volume of communications. In addition to the labor costs associated 
with responding to the increase in security-related contacts, TSA will 
incur two non-labor expenses. This reduction from the estimates in the 
NPRM \18\ is consistent with the reductions in estimates for the 
public.
---------------------------------------------------------------------------

    \17\ Data from TSA's Office of Financial Management show that 
this was the average amount of personal compensation and benefits 
paid out in FY 2010 to a G-Band employee. The total comprises 
$51,933 in base pay and $28,275 in benefits.
    \18\ See 75 FR 43091.
---------------------------------------------------------------------------

    The hardware and software needed to implement the ``auto-response'' 
function for Web-based reports will cost $2,060 ($1,100 for a dedicated 
desktop computer and $960 for software). This feature provides an 
electronic receipt including the content of their report to anyone who 
uses the ``Security Issues'' Web form on the TSA Web site to submit 
security concerns (people who contact TSA by phone will be provided a 
unique identifier number for the call).
    Persons who submit reports by mail will receive a receipt in the 
mail. If one projects that this rule will generate 50 letters per year 
and that all the letters will have return addresses, the cost of 
mailing a response will be $22 (50 letters x $.44 per stamp = $22).
    Taken together, the estimated labor expense ($80,208) and receipt 
processes ($2,060 for auto-response and $22 for mail) yield a total 
annual cost to TSA of $82,290.\19\
---------------------------------------------------------------------------

    \19\ TSOC will incur no incremental costs for training because 
in-house training has already been funded. There also will be no 
additional expenses for space, computers, and telephones; existing 
equipment at TSOC will be used to handle the expected increase in 
telephonic and electronic reporting.
---------------------------------------------------------------------------

Benefits

    This rulemaking provides the following benefits:
    1. It reminds the public that TSA wants to receive these reports, 
possibly alerting TSA to transportation security concerns that may 
otherwise have been overlooked. It is quite possible that reports from 
the public could prevent a national security problem that otherwise 
would have gone unaddressed.
    2. It encourages employees and other persons who may hesitate to 
make a report for fear of retaliation or other adverse action to obtain 
the necessary documentation to support any future claims under 6 U.S.C. 
1142, 49 U.S.C. 20109, 49 U.S.C. 31105, and 49 U.S.C. 42121.

Regulatory Flexibility Act Assessment

    The Regulatory Flexibility Act (RFA) of 1980 requires that agencies 
perform a review to determine whether a proposed or final rule will 
have a significant economic impact on a substantial number of small 
entities. If the determination is that it will, the agency must prepare 
a regulatory flexibility analysis as described in the RFA. For purposes 
of the RFA, small entities include small businesses, not-for-profit 
organizations, and small governmental

[[Page 22630]]

jurisdictions. Individuals and States are not included in the 
definition of a small entity.
    This rule enhances the public's ability to report security concerns 
voluntarily to TSA. TSA and the public will incur some costs in the 
operation of this enhanced reporting system. As stated previously, the 
public will voluntarily assume the direct cost of reporting problems 
and deficiencies to TSA; the cost is not imposed by this rule. TSA 
certifies that this rulemaking will not have a significant economic 
impact on a substantial number of small entities.

International Trade Impact Assessment

    The Trade Agreement Act of 1979 prohibits Federal agencies from 
establishing any standards or engaging in related activities that 
create unnecessary obstacles to the foreign commerce of the United 
States. Legitimate domestic objectives, such as safety, are not 
considered unnecessary obstacles. The statute also requires 
consideration of international standards and, where appropriate, that 
they be the basis for U.S. standards. TSA has assessed the potential 
effect of this rulemaking and has determined that it will impose the 
same costs on domestic and international entities and thus have a 
neutral trade impact.

Unfunded Mandates Assessment

    The Unfunded Mandates Reform Act of 1995 (UMRA), Public Law 104-4, 
is intended, among other things, to curb the practice of imposing 
unfunded Federal mandates on State, local, and Tribal governments. 
Title II of the Act requires each Federal agency to prepare a written 
statement assessing the effects of any Federal mandate in a proposed or 
final rule that may result in a $100 million or more expenditure 
(adjusted annually for inflation) in any one year by State, local, and 
Tribal governments, in the aggregate, or by the private sector; such a 
mandate is deemed to be a ``significant regulatory action.''
    This rulemaking does not contain such a mandate. The requirements 
of Title II of the Act, therefore, do not apply and TSA has not 
prepared a statement under the Act.

Executive Order 13132, Federalism

    TSA has analyzed this final rule under the principles and criteria 
of Executive Order 13132, Federalism. We determined that this action 
will not have a substantial direct effect on the States, or the 
relationship between the National Government and the States, or on the 
distribution of power and responsibilities among the various levels of 
government, and, therefore, does not have federalism implications.

Environmental Analysis

    TSA has reviewed this action for purposes of the National 
Environmental Policy Act of 1969 (NEPA) (42 U.S.C. 4321-4347) and has 
determined that this action will not have a significant effect on the 
human environment.

Energy Impact Analysis

    The energy impact of the action has been assessed in accordance 
with the Energy Policy and Conservation Act (EPCA), Public Law 94-163, 
as amended (42 U.S.C. 6362). We have determined that this rulemaking is 
not a major regulatory action under the provisions of the EPCA.

List of Subjects in 49 CFR Part 1503

    Administrative practice and procedure, Investigations, Law 
enforcement, Penalties, Transportation.

The Amendments

    For the reasons set forth in the preamble, the Transportation 
Security Administration amends part 1503 in chapter XII of title 49, 
Code of Federal Regulations to read as follows:

PART 1503--INVESTIGATIVE AND ENFORCEMENT PROCEDURES

0
1. The authority citation for part 1503 is revised to read as follows:

    Authority: 6 U.S.C. 1142; 18 U.S.C. 6002; 28 U.S.C. 2461 (note); 
49 U.S.C. 114, 20109, 31105, 40113-40114, 40119, 44901-44907, 46101-
46107, 46109-46110, 46301, 46305, 46311, 46313-46314.

0
2. Add subpart A to part 1503 to read as follows:
Subpart A--General
Sec.
Sec.  1503.1 Scope.
Sec.  1503.3 Reports by the public of security problems, 
deficiencies, and vulnerabilities.

Subpart A--General


Sec.  1503.1  Scope.

    This part provides information on TSA's investigative and 
enforcement procedures.


Sec.  1503.3  Reports by the public of security problems, deficiencies, 
and vulnerabilities.

    This section prescribes the reporting mechanisms that persons may 
use in order to obtain a receipt for reports to TSA regarding 
transportation-related security problems, deficiencies, and 
vulnerabilities.
    (a) Any person who reports to TSA a transportation security-related 
problem, deficiency, or vulnerability--including the security of 
aviation, commercial motor vehicle, maritime, pipeline, any mode of 
public transportation, or railroad transportation--will receive a 
receipt for their report if they provide valid contact information and 
report through one of the following:
    (1) U.S. mail to Transportation Security Administration HQ, TSA-2; 
Attn: 49 CFR 1503.3 Reports; 601 South 12th Street; Arlington, VA 
20598-6002;
    (2) Internet at https://www.tsa.gov/contact, selecting ``Security 
Issues''; or
    (3) Telephone (toll-free) at 1-866-289-9673.
    (b) Reports submitted by mail will receive a receipt through the 
mail, reports submitted by the Internet will receive an e-mail receipt, 
and reports submitted by phone will receive a call identifier number 
linked to TSA documents held according to published record schedules. 
To obtain a paper copy of reports provided by phone, the person who 
made the report, or their authorized representative, must contact TSA 
at the address identified in (a)(1) of this section within that period 
and provide the identifier number.
    (c) TSA will review and consider the information provided in any 
report submitted under this section and take appropriate steps to 
address any problems, deficiencies, or vulnerabilities identified.
    (d) Nothing in this section relieves a person of a separate 
obligation to report information to TSA under another provision of this 
title, a security program, or a security directive, or to another 
Government agency under other law.
    (e) Immediate or emergency security or safety concerns should be 
reported to the appropriate local emergency services operator, such as 
by telephoning 911. Alleged waste, fraud, and abuse in TSA programs 
should be reported to the Department of Homeland Security Inspector 
General: telephone (toll-free) 1-800-323-8603, or e-mail 
DHSOIGHOTLINE@dhs.gov.

    Issued in Arlington, Virginia, on April 1, 2011.
John S. Pistole,
Administrator.
[FR Doc. 2011-9629 Filed 4-21-11; 8:45 am]
BILLING CODE 9110-05-P