FERC-603 SS 2011 v3

10

18472. JUSTIFICATION

1. CIRCUMSTANCES THAT MAKE THE COLLECTION OF INFORMATION NECESSARY

Shortly after the attacks on September 11, 2001, the Commission began its efforts with respect to CEII.¹ As a preliminary step, the Commission removed from its public files and Internet page documents such as oversized maps that were likely to contain detailed specifications of facilities, and directed the public to use the Freedom of Information Act (FOIA) request process to obtain such information.² The Commission was not alone in its reaction to protecting sensitive information. The Associated Press reported on October 12, 2001, that "Federal agencies are scrutinizing their Web sites and removing any information they believe terrorists might use to plot attacks against the nation. Federal agencies have been reviewing their sites in the wake of the terrorist attacks." The report referred to action by the Nuclear Regulatory Commission, the Environmental Protection Agency, the Centers for Disease Control and Prevention, and the United States Department of Transportation Office of Pipeline Safety. Since September 11, 2001, our country fortunately has not experienced any attacks as devastating as the ones experienced on that day. Concerns about threats to the energy infrastructure over which the Commission has regulatory responsibilities, however, still exist.

The Commission established its CEII rules in Order Nos. 630 and 630-A.³ Thecurrent procedures require that each CEII requester file a signed, written request in which he or she provides to the CEII Coordinator detailed information about himself or herself and his or her need for the information, along with an executed non-disclosure agreement. Commission staff verifies and utilizes this information to determine whether to release the CEII to the requester. The current process requires that Commission staff verify each requester when each request is made. Information provided to the Commission in FERC-603 is necessary to the verification process and essential to keeping sensitive information out of the hands of individuals that may do harm to this nation.

Information exempt from disclosure under the Freedom of Information Act (FOIA):

FOIA Exemption 2

A recent Supreme Court case impacted the use of this exemption. The Department of Justice⁴ provides the following summary:

On March 7, 2011, the Supreme Court issued an opinion pertaining to Exemption 2 of the Freedom of Information Act, 5 U.S.C. § 552 (b)(2) (2006 & Supp. III 2009),  that overturned thirty years of established FOIA precedents and significantly narrowed the scope of that exemption.  See Milner v. Dep't of the Navy, 131 S. Ct. 1259 (2011). 

FOIA Exemption 4

FOIA Exemption 4 protects trade secrets and commercial or financial information. The Commission has determined that much of the information that maybe withheld as CEII may fall within the scope of Exemption 4, because release of the information could cause competitive harm to submitters, impair the Commission's ability to obtain similar information in the future, or impair the effectiveness of the Commission's programs. Inappropriate release of CEII could render the infrastructure more vulnerable to attack, threatening the energy industry and domestic power grid, resulting in potentially devastating economic and environmental consequences.

FOIA Exemption 7

FOIA Exemption 7 exempts from disclosure certain information compiled for law enforcement purposes. In order to invoke Exemption 7, the agency must be able to demonstrate that the document at issue involves records or information compiled for law enforcement purposes. The Commission has very broad authority to enforce the provisions of the Federal Power Act and the Natural Gas Act. For instance, under the Federal Power Act, the Commission (1) monitors and investigates compliance with licenses, exemptions and preliminary permits it issues, 16 U.S.C. 823b; (2) determines just and reasonable rates, 16 U.S.C. 824e; and (3) ensures compliance with the Act and regulations issued there under, 16 U.S.C. 825m, 825o-l. Similarly, with respect to natural gas, the Commission has broad authority (1) to determine whether rates and charges are just and reasonable, 15 U.S.C. 717c; and (2) to enforce violations of the statute or regulations issued, 15 U.S.C. 717s. Thus, given its broad enforcement authority, much of the information the Commission collects qualifies as information collected for a law enforcement purpose. Further, many of the documents containing critical energy infrastructure information enjoy protection under FOIA Exemption 7(F), which allows for withholding documents the release of which could reasonably be expected to endanger a person's life or safety.

Given that an attack on the energy infrastructure is a legitimate threat, the Commission believes that release of the information could facilitate or increase the likelihood of the success of such an attack and could be expected to endanger life and safety of people. The failure of a dam could cause flooding that would endanger lives, as could the explosion of a natural gas pipeline. Interruptions to gas and electric power supplies likewise could endanger lives of those reliant on power, especially in times of extreme hot or cold weather. For these reasons, the Commission believes the information identified as CEII may qualify for protection under Exemption 7(F).

RM02-4-000 Final Rule

On March 3, 2003, in Order No. 630, RM02-4-000, the Commission revised the definition of CEII, enlarging the definition to include information about proposed facilities, while, at the same time, contracting the definition to exclude information that simply gives the location of a particular facility. While recognizing that requesters remain free to request documents under the FOIA, the final rule instituted a new, non-FOIA avenue for seeking access to CEII. The FOIA is of questionable use when a document contains CEII because, by definition, CEII encompasses only information that is exempt from mandatory disclosure under the FOIA. The non-FOIA avenue enables requesters with a need for information that is exempt from disclosure under the FOIA to obtain the information, subject to appropriate restrictions on use and disclosure of the information. Agencies releasing information under a FOIA request must generally release the information to all requesters. In addition, the agency may not restrict the recipient's use or dissemination of that information. If the Commission wishes to make otherwise exempt information available to a particular requester based on that requester's need for the information, or wishes to limit the recipient's use and dissemination of exempt information, it must do so outside of the confines of the FOIA.

RM02-4-002 Final Rule

On August 3, 2004, in Order No. 649, RM02-4-002, the Commission revised its regulations for gaining access to CEII and committed to continue monitoring and reviewing the CEII program to examine the effectiveness of the rules within one year. In order to facilitate the review, the Commission issued a notice soliciting public comment on the effectiveness of the CEII process. The first CEII review was initiated with a notice soliciting public comment that was issued on February 13, 2004.⁵ After reviewing the comments received, the Commission made a few changes to the CEII process in Order No. 649⁶ The Commission changed the treatment of boundary maps from CEII to Non-Internet Public (NIP). FERC also agreed that federal agencies would not have to file more than one request for CEII in one docket, and that agents and owners and operators of facilities could get information on their client’s facilities outside the CEII process with written authorization from the owner/operator.

RM02-4-003 Final Rule

On June 21, 2005⁷, in Order No. 662, RM02-4-003, the Commission further amended its regulations for gaining access to CEII. These changes were made based on comments filed in response to the March 3, 2005 notice seeking public comment on the effectiveness of the Commission’s CEII rules. The final rule removed federal agency requesters from the scope of the rule, modified the application of NIP treatment, and clarified obligations of requesters. It also discussed changes that would be made to non-disclosure agreements.

RM06-24-000 Final Rule

On September 21, 2006, in Order No. 683, RM06-24-000, the Commission made additional amendments to its regulations for gaining access to CEII by clarifying the definition of CEII to exclude information that the Commission never intended to be deemed as containing critical infrastructure information. In addition, procedural changes were made based on over three years experience processing CEII requests. These changes simplify the procedures for obtaining access to CEII without increasing vulnerability of the energy infrastructure.

RM06-23-000 Final Rule

On October 30, 2007,⁸ in Order No. 702, RM06-23-000, the Commission significantly amended its regulations for gaining access to CEII. In order to facilitate the review, the Commission issued a notice soliciting public comment on the effectiveness of the CEII process. (See item no. 8 of this justification.) The final rule: modified non-disclosure agreements; modified the Commission’s process to allow the CEII Coordinator to respond to CEII requests by letter; provided landowners access to alignment sheets for the routes across or in the vicinity of their properties; included a fee provision; limited the portions of forms and reports the Commission defines as containing CEII; and eliminated as a category of documents the Non-Internet Public designation.

Order No. 702 changed the Commission’s regulations in three ways that will decrease the frequency and time spent on the CEII request form. First, the final rule provided that the Commission will seek a requester’s date and place of birth on a case-by-case basis rather than require that information with every request for CEII and eliminated the request for social security numbers. Experience in processing requests for CEII since issuance of Order No. 630 had shown that the legitimacy of a particular requester can usually be determined from information other than the requester’s date and place of birth. However, occasionally, a date and place of birth are needed to assess the legitimacy of a requester. Therefore, the Commission revised 18 C.F.R. § 388.113(d) of the regulation to obtain that information on a case-by-case basis rather than obtain it in every instance. In response to this final rule, the CEII request form was amended to eliminate the space for individuals to provide their date of birth, place of birth, and social security number. Therefore, the final rule limited the burden imposed on requesters of CEII.

Second, the Commission revised its regulations to allow an annual certification for repeat requesters, i.e., repeat requesters would not be required to file a new non-disclosure agreement with each subsequent request. The previous regulation set forth a process where a requester provides to the CEII Coordinator detailed information about the requester and his or her need for the information, which the CEII Coordinator uses in determining whether to release the information. The revised regulation provides that a requester provide such detailed information with an initial request. Once the CEII Coordinator determines that the requester does not pose a security risk, the requester would not have to provide such detailed information with subsequent requests during the calendar year. This will decrease the use of the CEII request form.

Finally, the Commission revised its regulations to allow an authorized representative of an organization to file a CEII request on behalf of all that organization’s employees. The Commission verifies an organization and requires that the organization verify its own users. Therefore, individuals from that organization are no longer required to submit individual CEII request forms which decreased the overall use of the request form.

2. HOW, BY WHOM, AND FOR WHAT PURPOSES THE INFORMATION IS TO BE USED AND THE CONSEQUENCES OF NOT COLLECTING THE INFORMATION

A Critical Energy Infrastructure Information Coordinator (currently the Director, External Affairs) is authorized by 18 C.F.R. § 375.313 to process non-FOIA requests for CEII and make determinations on such requests. 18 C.F.R. § 388.113 (d) (3) sets forth a process where requesters provide the CEII Coordinator information about themselves and their need for the information. The CEII coordinator uses the information to make a determination as to whether to release the information.⁹ If the requester is determined to be eligible to receive the information requested, the CEII Coordinator will determine what conditions, if any, to place on release of the information. Where appropriate, the CEII Coordinator will forward a non-disclosure agreement to the requestor for execution of the request. Once the requestor signs any required non-disclosure agreement, the CEII Coordinator will make the critical energy infrastructure information available to the requester.

Through this data collection process, the Commission is able to provide information to individuals who need it to participate in Commission's proceedings, but who might not otherwise have access to the information under FOIA. Without this information, the Commission would not have the ability to provide information in an efficient manner to those with a specific need for it. Likewise, if the Commission were to rely solely on FOIA procedure it would not be able to restrict general public access to critical energy infrastructure information which could then be accessed by persons with the ability to attack that infrastructure. Failure to institute these procedures would mean that FERC is unable to discharge its responsibilities to protect critical information.

2. DESCRIBE ANY CONSIDERATION FOR THE USE OF IMPROVED INFORMATION TECHNOLOGY TO REDUCE BURDEN AND TECHNICAL OR LEGAL OBSTACLES TO REDUCING BURDEN

Requests for access to CEII material can be filed electronically or in hard copy. Approximately 90% of the requests are submitted electronically with the remaining requests coming in via fax or hard copy.

2. DESCRIBE EFFORTS TO IDENTIFY DUPLICATION AND SHOW SPECIFICALLY WHY ANY SIMILAR INFORMATION ALREADY AVAILABLE CANNOT BE USED OR MODIFIED FOR USE FOR THE PURPOSE(S) DESCRIBED IN INSTRUCTION NO. 2.

The information requested here cannot be obtained from other sources as the information is specific to each requester seeking CEII. However, it should be noted that all Commission public information collections are subject to analysis and review by Commission staff and are examined for redundancy.

2. METHODS USED TO MINIMIZE BURDEN IN COLLECTION OF INFORMATION INVOLVING SMALL ENTITIES

The Commission believes that the information to be provided by requesters seeking CEII will not impose an undue burden on "small business concerns" under the Regulatory Flexibility Act (RFA).

2. CONSEQUENCE TO FEDERAL PROGRAM IF COLLECTION WERE CONDUCTED LESS FREQUENTLY

It is not possible to collect this data with less frequency. The Commission has no control over when a requester submits a CEII data request. The Commission believes the required information will impose the least possible burden for the public and regulated entities to comply with the Commission's CEII policies.

2. EXPLAIN ANY SPECIAL CIRCUMSTANCES RELATING TO THE INFORMATION COLLECTION

There are no special circumstances related to this collection of information.

2. DESCRIBE EFFORTS TO CONSULT OUTSIDE THE AGENCY: SUMMARIZE PUBLIC COMMENTS AND AGENCY'S RESPONSE TO THESE COMMENTS

In accordance with OMB requirements in 5 C.F.R. 1320.8(d) and in order to extend the expiration date for this collection, the reporting requirements for FERC-603 were noticed in the Federal Register on April 5, 2011 (76 FR 18743). The Commission did not receive any comments in response to this notice.

2. EXPLAIN ANY PAYMENT OR GIFTS TO RESPONDENTS

There are no gifts or payments given to respondents.

2. DESCRIBE ANY ASSURANCE OF CONFIDENTIALITY PROVIDED TO RESPONDENTS

Respondents to this collection are those individuals and/or entities requesting access to CEII material. The information gathered in this collection is used to determine eligibility to obtain access to CEII material and is not considered public information.

2. PROVIDE ADDITIONAL JUSTIFICATION FOR ANY QUESTIONS OF A SENSITIVE NATURE THAT ARE CONSIDERED PRIVATE.

There are no questions of a sensitive nature that are considered private.

2. ESTIMATED BURDEN ON COLLECTION OF INFORMATION

Number of Respondents Annually (1)	Number of Responses per Respondent (2)	Average Burden Hours per Response (3)	Total Annual Burden Hours (1)x(2)x(3)
200	1	.33*	60

*Rounded

The Commission anticipates that it should take no more than 20 minutes to prepare and submit a CEII data request.

2. ESTIMATED OF THE TOTAL COST BURDEN TO RESPONDENTS

Annualized cost = $4,080 (60 hours @ $68/hour¹⁰). Cost per respondent = $20.40 ($4,080/200 responses = $20.40). This cost is based on the average estimated time to gather and provide the necessary information.

2. ESTIMATED ANNUALIZED COST TO THE FEDERAL GOVERNMENT

The costs to the Commission are for 1) staffing requirements to review and prepare a response to CEII requests, $142,372 (1 full time equivalent employees x $142,372); and 2) clearance of this data collection at $1,575 annually. Total estimated annualized cost = $143,947.

2. REASONS FOR CHANGES IN BURDEN INCLUDING THE NEED FOR ANY INCREASE

The burden hours have not changed for this collection. The estimated cost has increased due to using a higher hourly figure than was used in the previous submission.

2. TIME SCHEDULE FOR THE PUBLICATION OF DATA

There is no publication of data as part of this collection of information.

2. DISPLAY OF EXPIRATION DATE

The OMB control number and expiration date is displayed on the form used to request access to CEII information.

2. EXCEPTION TO THE CERTIFICATION STATEMENT

There are exceptions to the Paperwork Reduction Act Submission certification. Because the data collected for this reporting requirement is not used for statistical purposes, the Commission does not use the standard as stated in item (i) of the certification, "effective and efficient statistical survey methodology."

2. COLLECTION OF INFORMATION EMPLOYING STATISTICAL METHODS

This is not a collection of information employing statistical methods.

1 See Statement of Policy on Treatment of Previously Public Documents, 66 Fed. Reg. 52,917 (Oct. 18, 2001), 97 FERC ¶ 61,130 (2001) [posted at http://elibrary.ferc.gov/idmws/search/intermediate.asp?link_file=yes&doclist=2215938] .

2 The FOIA process is specified in 5 U.S.C. 552 and the Commission’s regulations at 18 CFR 388.108.

3 Critical Energy Infrastructure Information, Order No. 630, 68 Fed. Reg. 9,857 (Mar. 3, 2003), FERC Stats. & Regs. ¶ 31,140 (2003); order on reh’g, Order No. 630-A, 68 Fed. Reg. 46,456 (Aug. 6, 2003), FERC Stats. & Regs. ¶ 31,147 (2003).

4 See http://www.justice.gov/oip/foiapost/2011foiapost15.html for more information on this case and its impacts on FOIA exemption 2.

5 69 FR 8638 (February 25, 2004).

6 69 FR 48,386 (August 10, 2004).

7 70 FR 37031 (June 28, 2005)

8 72 FR 63980 (November 14, 2007)

9 Under § 388.113(d), a request filed with CEII coordinator must contain the following information: requester's name, title, address and telephone number; name, address and telephone number of the person or entity on whose behalf the information is requested; a detailed statement explaining the particular need for and intended use of the information; and a statement as to the requestor's willingness to adhere to limitations on the use and disclosure of the information requested.

10 This is an average cost used by the Commission that is based on both salary and benefits.

10