The Federal Aviation Administration (FAA) of the U.S. Department of Transportation needs to collect substantial information about aircraft flying in U.S. airspace in order to ensure safety in air travel. The FAA also must share flight data with the Department of Defense, the Department of Homeland Security, and law enforcement authorities to assist them in protecting the nation from hostile or unlawful use of airspace or aircraft.
More than a decade ago, the FAA began to feed to private-sector entities a constant flow of FAA-collected flight data on aircraft operating under instrument flight rules, including aircraft tail number, flight origin, current location, and flight destination. But the FAA was careful to allow noncommercial aircraft owners and operators to protect their privacy. Upon the request of such an owner or operator, the FAA ceased to make public the information about a private flight. Such FAA respect for flight privacy helped protect personal safety, personal privacy, and sensitive commercial information.
Recently, the FAA announced that it will no longer honor requests on the grounds of privacy not to make public the information about noncommercial flights. The FAA will now honor such requests only if the aircraft owner or operator proves it has an FAA-defined “Certified Security Concern.” The FAA should not require America’s private aircraft owners and operators to sacrifice their privacy as a condition of flying in America’s airspace.
FAA Sharing of Flight Data with Commercial Vendors and Users
Aircraft flying in U.S. national airspace operate under visual flight rules (VFR) or instrument flight rules (IFR).[1] Commercial passenger aircraft operate at most times under IFR, and many general aviation aircraft operate often under IFR.[2] For IFR flight, before departure, the pilot in command of an aircraft must file with the FAA a flight plan (Form 7233-1) with various required items of information, including aircraft identification number (“tail number”), aircraft type, full name and address of the pilot, the point and proposed time of departure, the proposed route and flight level, the destination and expected time of arrival, fuel aboard, and number of passengers aboard.[3] After a pilot has activated a flight plan, the pilot must notify the FAA upon completion of the flight or cancellation of the plan.[4]
In 1992, the FAA began providing to airlines air traffic control data to assist them with their operations. The FAA has since upgraded its data feed and expanded its availability to industry. Currently, the FAA uses information from IFR flight plans and from transponders aboard aircraft as data inputs for its Enhanced Traffic Flow Management System (ETMS). From the ETMS, the FAA feeds data to its Traffic Situation Displays (TSDs) throughout the air traffic control system. The TSDs show air traffic controllers the tail number, location, altitude, airspeed, destination, and estimated time of arrival of aircraft operating under IFR in U.S. airspace.
The FAA has established the Aircraft Situation Display to Industry (ASDI) program to provide ETMS data electronically to commercial vendors and users through a server system in Atlantic City, New Jersey, that collects the information electronically from air traffic control facilities across the country. [5] Employing the ASDI data feed, Internet websites make available to any Internet user the near real-time flight data on private aircraft.
Statute Enacted in 2000 Permits FAA to Protect Flight Privacy
In the late 1990s, organizations representing general aviation interests, led by the National Business Aviation Association (NBAA), expressed concern to Congress about flight privacy. That concern led to enactment of Section 729 of the Aviation Investment and Reform Act for the 21st Century.[6] Section 729 required the FAA to develop a system with commercial recipients of ASDI-derived data by which the FAA could instruct recipients to block flight data about a given tail number:
SEC. 729. AIRCRAFT SITUATIONAL DISPLAY DATA.
(a) IN GENERAL.—A memorandum of agreement between the Administrator and any person that directly obtains aircraft situational display data from the Federal Aviation Administration shall require that—
(1) the person demonstrate to the satisfaction of the Administrator that the person is capable of selectively blocking the display of any aircraft-situation-display-to-industry derived data related to any identified aircraft registration number; and
(2) the person agree to block selectively the aircraft registration numbers of any aircraft owner or operator upon the Administration’s request.
(b) EXISTING MEMORANDA TO BE CONFORMED.—Not later than 30 days after the date of the enactment of this Act, the Administrator shall conform any memoranda of agreement, in effect on such date of enactment, between the Federal Aviation Administration and a person under which that person obtains aircraft situational display data to incorporate the requirements of subsection (a).
Section 729 permitted (but did not require) the Administrator of the FAA to instruct a commercial recipient of ASDI data to block display to its customers of ASDI-derived data about a given aircraft tail number. The FAA adopted a practice of blocking such disclosures on the request of aircraft owners or operators, made either directly to the FAA or under a “Block Aircraft Registration Request” submitted through the NBAA to the FAA.[7]
FAA Decision to Change Block-on-Request Policy to Require “Certified Security Concern”
By a rule issued June 3, 2011, following notice and an opportunity for public comment, the FAA changed the circumstances under which it would require commercial recipients of ASDI-derived data to block flight data about a given tail number. Whereas the FAA previously required the blocking of flight data about an aircraft on the request of its owner, the new policy states that the FAA will require the blocking of the flight data only if the aircraft owner has a Certified Security Concern (CSC). The FAA defined a CSC as follows:
A Certified Security Concern would be based on either (a) the facts and circumstances establishing a Valid Security Concern (i.e., a verifiable threat to person, property or company, including a threat of death, kidnapping or serious bodily harm against an individual, a recent history of violent terrorist activity in the geographic area in which the transportation is provided, or a threat against a company); or (b) the general aviation aircraft owner or operator satisfying the requirement for a bona fide business-oriented security concern under Treasury Regulation 1.132-5(m), “Employer-provided transportation for security concerns,” 26 CFR 1.132-5(m). A generalized security concern or privacy interest no longer will suffice to block the aircraft from the ASDI data feed. Absent appropriate certification, the ASDI data feed will disclose aircraft and flight specific information. It is important to note that this information does not disclose the identity of the occupants of the aircraft or the business or other purpose of the flight.[8]
The FAA also noted that “[t]he aircraft registration numbers of blocked aircraft and the associated flight plans are already releasable under the Freedom of Information Act (FOIA) and are not protected personal information under the Privacy Act.”[9]
Citing findings from a statute that amended the Freedom of Information Act,[10] policy directives from the President and other Obama Administration officials, and court decisions making clear that “personal privacy” under the FOIA does not extend to corporations and that the FAA must release under FOIA the list of tail numbers that the NBAA has requested to be blocked, the FAA stated:
These intervening developments—by Congress, the Executive Branch, and the courts—caused us to reconsider whether it is in the best interest of the Government and the public to exclude from public view general aviation aircraft flight displays in the absence of a Certified Security Concern. As set forth above, given the strong public interest in openness and disclosure, we find that it is not.[11]
The FAA concluded that it “will no longer accommodate requests to bar the release of aircraft flight tracking data unless an aircraft owner or operator provides a Certified Security Concern, as defined in this Notice.”[12]
The statutory findings, policy directives, and court decisions that the FAA cited may support the general proposition that the federal government should facilitate disclosing information about the activities of the government, but they do not support the Orwellian general proposition that the federal government should collect information on the activities of some Americans and then disclose that information to other Americans.[13] As the U.S. Supreme Court has said, “the FOIA’s central purpose is to ensure that the Government’s activities be opened to the sharp eye of public scrutiny, not that information about private citizens that happens to be in the warehouse of the Government be so disclosed.”[14] Transparency in government is about the government holding itself accountable for its activities to the American people, not about having the government make sure that some Americans are accountable to other Americans for their lawful private activities. The FAA was created to ensure air safety and facilitate air commerce—not to help some Americans spy on the private activities of other Americans.
The FAA’s finding that the “strong public interest in openness and disclosure” makes it in the best interest of the government and the public to allow the public to view private flight information flies in the face of the findings made in law by Congress that “the privacy of an individual is directly affected by the collection, maintenance, use, and dissemination of personal information by Federal agencies” and that “the increasing use of computers and sophisticated information technology, while essential to the efficient operations of the Government, has greatly magnified the harm to individual privacy that can occur from any collection, maintenance, use, or dissemination of personal information.”[15]
Court and Legislative Challenges to New FAA Policy
The NBAA and the Airline Owners and Pilots Association (AOPA) have filed in the U.S. Court of Appeals for the District of Columbia Circuit a petition for review of the FAA order of June 3, 2011, that changed the policy on disclosure of flight information from blocking upon request to blocking only with a Certified Security Concern.[16] The Court denied a motion for a stay of the FAA order pending review. Under the clerk’s scheduling order for briefing issued in the case, the parties will complete their filing of briefs in October 2011. The Court has scheduled the case for oral argument at 9:30 a.m. on December 2, 2011, before Circuit Judges Douglas H. Ginsburg and Janice Rogers Brown and Senior Circuit Judge Stephen F. Williams.
The NBAA has stated that “[t]he policies and procedures of both federal and state governments in the U.S. have long recognized the need to protect information about the private movements of individuals and private companies from unknown third parties” and has noted that:
For example, the Federal, state and local governments do not make public the information it controls on the movements of automobiles that utilize E-Z Pass technologies. Transit entities like Metro do not make public the information they have on smart card holders. And, it is illegal for Amtrak and the commercial airlines to make public the names and itineraries of their passengers. Tracking an aircraft tail number is the equivalent of the government allowing people to track the movements of an automobile license plate.[17]
While the FAA had the new policy under consideration, opponents urged Congress to enact legislation that would mandate FAA blocking of disclosure of flight data, other than to a government entity, on the request of the aircraft owner or operator.[18] The House of Representatives passed such legislation as Section 817 of the FAA Reauthorization and Reform Act of 2011 (H.R. 658) on April 1, 2011. The Senate passed H.R. 658 with an amendment in the nature of a substitute, which did not include a provision equivalent to Section 817 of the House-passed bill, on April 7, 2011, and requested a conference on the bill with the House.
The House has not agreed to a conference on H.R. 658. Instead of proceeding with H.R. 658, the House proceeded with a relatively simple bill (H.R. 2887) to extend U.S. surface transportation programs for six months and to extend air transportation programs for four months. The House passed H.R. 2887 by voice vote on September 13, 2011, the Senate passed it by a vote of 92 to 6 on September 15, 2011, and the President signed it into law the next day. The new law does not contain a provision to protect flight privacy.[19]
Meanwhile, the Chairman of the House Appropriations Subcommittee on Transportation, Housing and Urban Development, and Related Agencies has published a proposed transportation appropriations bill for fiscal year 2012 that includes protection for flight privacy.[20] Section 117 of the proposed bill states:
SEC. 117. Notwithstanding any other provision of law, none of the funds made available under this Act or any prior Act may be used to implement or to continue to implement any limitation on the ability of any owner or operator of a private aircraft to obtain, upon a request to the Administrator of the Federal Aviation Administration, a blocking of that owner’s or operator’s aircraft registration number from any display of the Federal Aviation Administration’s Aircraft Situational Display to Industry data that is made available to the public, except data made available to a government agency, for the noncommercial flights of that owner or operator.
Enactment of Section 117 would restore the ability of a private aircraft owner or operator to preserve the privacy of flights if the owner or operator wishes to do so.
Congress Should Require the FAA to Respect Flight Privacy
For a country that believes in limited government and individual freedom, the decision by the Federal Aviation Administration to decide that it will make available to the public information about a private aircraft flight, whether or not the aircraft operator or owner wants the FAA to do so, should be unacceptable. The Administrator of the FAA should promptly take the action necessary to restore flight privacy. Additionally, given the likelihood that the FAA will not correct its error, Congress should enact legislation, such as Section 117 of the proposed transportation appropriations act for fiscal year 2012, to protect the privacy of noncommercial flights at the request of aircraft owners or operators.
David S. Addington is Vice President for Domestic and Economic Policy at The Heritage Foundation.