Pending Rule – Reporting Security Issues

Last week I wrote about three pending TSA rules that were listed on the Office of Management and Budget web site under the Fall 2008 Regulatory Agenda. Today I will take a closer look at what the rule on reporting security issues could look like. This will be based on the material provided on the OMB web site and the referenced sections of the Implementing Recommendations of the 9/11 Commission Act of 2007 (PL 110-53). How the Obama Administration will actually implement the 9/11 Commission requirements remains to be seen. The OMB site provides a general abstract for the proposed rule. It describes provisions for “procedures by which TSA could issue civil money penalties for violations of any statutory requirement administered by TSA” and “procedures by which members of the public could report to TSA a problem, deficiency, or vulnerability regarding transportation security”. It also references sections of the 9/11 Commission Act that provide whistleblower protections to a variety of transportation workers. Enforcement Authority The OMB web site cites § 1302 of the 9/11 Commission Act as the authority for procedures for issuing civil penalties for laws administered by the TSA. This section provides for a $10,000 per day penalty for violations of applicable rules or orders issued by the Secretary of DHS. It establishes a maximum fine of $50,000 for individuals or $400,000 for “a person other than an individual or small business concern”. It does not pre-empt fines set by other legislation. Section 1304 provides for special provisions for assessing civil penalties for “public transportation agencies”. Section 1415 repeats these requirements and also prohibits the Secretary from imposing civil penalties for violating “administrative and procedural requirements” pertaining to grant applications. Section 1302 describes how the penalties would be administered and provides for the exclusive jurisdiction for district courts of the United States for civil actions to collect such fines. It limits the scope of such civil actions to collect fines by providing that “a court may not re-examine issues of liability or the amount of the penalty” in such cases. This section also provides for a public annual report by the Secretary of “all enforcement actions taken by the Secretary under this subsection”. That report must include “the docket number of each enforcement action, the type of alleged violation, the penalty or penalties proposed, and the final assessment amount of each penalty”. Procedures for Public Reporting Three different sections {§§ 1413(i), 1521(i), and 1536(i)} of the 9/11 Commission Act require TSA to establish rules for public reporting of “a problem, deficiency, or vulnerability regarding” security. Each of the individual sections governs a different section of the transportation sector; public transportation, motor carrier, and railroad. Each of these sections of the 9/11 Commission Act require the same thing. The Secretary is required to “establish through regulations after an opportunity for notice and comment, and provide information to the public regarding, a process by which any person may submit a report to the Secretary”. This establishes the legal requirement to prepare the regulation covered in this blog. All three sections add additional requirements beyond establishing the public reporting system. There is a requirement for the Secretary to respond to the submitter, if identified in the report, and acknowledge receipt of the report. Additionally the Secretary is required to review every report and to “take appropriate steps to address any problems or deficiencies identified”. Whistleblower Protections The interesting thing about the sections requiring the establishment of the public reporting process is that they form only a very small part of the section in which they are contained. The establishment of whistleblower protections makes up the largest part of those sections. In fact, a careful reading of the three sections leads one to conclude that the reporting systems are being established to provide a communication tool for transportation employees to contact TSA with information about “a problem, deficiency, or vulnerability regarding” their employer. These protections are already part of the US Code, so technically they do not have to be included in TSA regulations to provide legal cover for whistleblowers. Unfortunately, they do little good if employees are not aware of their protection. Few employees would be willing to risk their jobs by providing inside information about security issues to TSA without knowing that TSA could provide legal protections for their jobs. This means that any public announcement of these communications channels would have to provide information about the whistleblower protections included in the law. For the public communication channel to be effective in encouraging whistleblowers to come forward employers are going to have to be required to inform their workers of the protections available under these sections. Practically speaking, the only thing that could make that happen would be for that requirement to be included in the regulation being developed to establish the communication channel. The Way Forward Providing whistleblower protections to employees has long been a high priority for organized labor and the Democratic Party. It would not be unexpected for the Obama Administration to move forward quickly to publish the NPRM for this regulation. The wording for that NPRM will certainly include more about the whistleblower protections than we would have seen from the Bush Administration.