Download:
pdf |
pdfU.S. Department of Transportation
Privacy Impact Assessment (PIA)
Federal Aviation Administration (FAA)
Privacy ICAO Address System
CLAIRE W BARRETT
Digitally signed by CLAIRE W BARRETT
Date: 2019.12.19 22:36:54 -05'00'
1
�U.S. Department of Transportation
Executive Summary
On May 28, 2010, the Federal Aviation Administration (FAA) published the Automatic Dependent Surveillance
Broadcast (ADS-B) final rule mandating that aircraft flying in certain controlled airspace be equipped with ADS-B
Out capability not later than January 1, 2020.1 ADS-B Out, broadcasts information about an aircraft’s flight
identification and 24-bit ICAO aircraft address to any ADS-B 1090 MHz receiver within line-of-sight. Some
General Aviation (GA) and business aircraft operators have expressed concerns about potential privacy risks
resulting from equipping their aircraft with this technology. To address these concerns the FAA created the Privacy
International Civil Aviation Organization (ICAO) Address Program, which allows operators to use alternate,
temporary ICAO aircraft addresses not attributable to an owner/operator in the publicly available Civil Aviation
Registry.
This Privacy Impact Assessment (PIA) was developed pursuant to Section 208 of the E-Government Act of 2002
because the FAA will collect, use and maintain Personally Identifiable Information (PII) from aircraft
owner/operators to facilitate this voluntary means of addressing the privacy concerns of aircraft operators.
Introduction & System Overview
The Federal Aviation Act of 1958 gives the Federal Aviation Administration (FAA) the responsibility to carry out
safety programs to ensure the safest, most efficient aerospace system in the world. The FAA is responsible for:
Regulating civil aviation to promote safety;
Encouraging and developing civil aeronautics, including new aviation technology;
Developing and operating a system of air traffic control and navigation for both civil and military aircraft;
Developing and carrying out programs to control aircraft noise and other environmental effects of civil
aviation; and
Regulating U.S. commercial space transportation.
The FAA published the Automatic Dependent Surveillance Broadcast (ADS-B) Out Performance Requirements to
Support Air Traffic Control (ATC) Service; Final Rule (ADS-B Out Rule) on May 28, 2010..2 The ADS-B Out
Rule requires ADS-B Out equipment be installed on aircraft seeking to operate in certain classes of airspace within
Classes A, B, and C airspace, as well as other specified classes of the United States Airspace System not later than
January 1, 2020.
ADS-B Out Overview:
ADS-B improves safety and efficiency in the air and on runways, reduces costs, and lessens harmful effects on the
environment. ADS-B is an environmentally friendly technology that enhances safety and efficiency, and directly
benefits pilots, controllers, airports, airlines, and the public. It forms the foundation for the future of air traffic
control by moving from ground radar and navigational aids to precise tracking using satellite signals. ADS-B
reduces the risk of runway incursions with cockpit and controller displays that show the location of aircraft and
1
See (Federal Register/Vol. 75, No. 103, available at https://www.govinfo.gov/content/pkg/FR-2010-05-28/pdf/2010-12645.pdf.
2
75 FR 48553, Docket No. FAA-2007-29305 Amdt. No. 91-314, published 08/11/2010.
2
�U.S. Department of Transportation
equipped ground vehicles on airport surfaces – even at night or during heavy rainfall. ADS-B also provides greater
coverage since ground stations are so much easier to place than radar. Remote areas without radar coverage, like the
Gulf of Mexico and parts of Alaska, now have surveillance with ADS-B. Relying on satellites instead of ground
navigational aids also means aircraft will be able to fly more directly from Point A to B, saving time and money,
and reducing fuel burn and emissions. The improved accuracy, integrity and reliability of satellite signals over radar
means controllers eventually will be able to safely reduce the minimum separation distance between aircraft and
increase capacity in the nation's skies.
ADS-B Out systems automatically transmit/broadcast an aircraft’s GPS position, altitude, velocity and other
information to ground stations and to ADS-B In-equipped aircraft in the vicinity once per second.3 Air traffic
controllers and aircraft equipped with ADS-B In can immediately receive this information. This offers more precise
tracking of aircraft compared to radar technology, which sweeps for position information every 5 to 12 seconds.
ADS-B ground stations are smaller and more adaptable than radar towers and can be placed in locations not
possible with radar. With ground stations in place throughout the country, even in hard to reach areas, ADSB provides better surveillance regardless of the terrain or other obstacles.
The APM which primarily processes ADS-B surveillance reports to monitor aircraft performance and compliance
with the ADS-B Out mandate is also used to store Privacy ICAO Address assignment database information and
correlation of flight operations for aircraft that may be using multiple ICAO addresses through the Privacy ICAO
Address program. The Privacy ICAO Address application, which includes aircraft registration and contact
information for the aircraft owner/operator, is a separate database table within the APM. The APM uses Privacy
ICAO Address applicant information to validate against the Civil Aviation Registry (CAR) to ensure it is a
registered aircraft. Upon validation, a Privacy ICAO Address assignment is made from the inventory of ICAO
addresses in the privacy pool for use by the aircraft owner/operator. The Privacy ICAO Address would thereafter be
associated with a given aircraft, though it would be done outside the CAR. In other words, Privacy ICAO
Addresses codes assignments would be stored within the APM in order to identify the set of assigned privacy ICAO
addresses, contact those aircraft owner/operators, and to map Privacy ICAO Addresses to the appropriate aircraft
being evaluated for performance and compliance. The privacy pool of ICAO addresses is partitioned from the
FAA’s permanent ICAO address assignment and managed outside the Civil Aviation Registry (CAR), resulting in
ICAO addresses that can no longer be associated with aircraft registered in the CAR.
Prior to submitting a Privacy ICAO Address application, the Privacy ICAO Address applicant will have to obtain a
Public ADS-B Performance Report (PAPR) to ensure that the transponder does not exhibit any non-performing
emitter (NPE) issues and is transmitting the correct ICAO address. The APM enables FAA to assist aircraft owners,
pilots and avionics installers to validate the performance of their ADS– B equipment installation upon request. This
is communicated via the PAPR.
3
The 2010 final rule only mandated ADS-B Out. However, some aircraft have opted to go beyond the mandate to equip with ADS-B In. ADS–B
In refers to an appropriately equipped aircraft’s ability to receive and display another aircraft’s ADS–B Out information as well as the ADS–B In
services provided by ground systems, including Automatic Dependent Surveillance–Rebroadcast (ADS–R), Traffic Information Service–
Broadcast (TIS–B), and, if so equipped, Flight Information Service–Broadcast (FIS–B). Information on ADS-B In can be found here:
https://www.faa.gov/nextgen/programs/adsb/pilot/.
3
�U.S. Department of Transportation
The APM produces a PAPR for anyone requesting the performance of an ADS-B Out equipment installation. This
report is available independent of the Privacy ICAO Address Program.4 After January 1, 2020, the FAA
organization will utilize the ADS-B Compliance Monitor to enforce compliance with 14 CFR §§ 91.225 and
91.227.
ADS-B Out information received by FAA ground stations is collected in the APM. The APM processes this
information and calculates how well a given ADS-B Out equipped aircraft meets FAA performance requirements
identified in the ADS-B Out Final Rule. The APM reports are used by the FAA to determine performance outcomes
of aircraft and provide performance metrics for ADS-B Out equipped aircraft.
Privacy ICAO Address Program
General and business aviation aircraft operators have expressed concerns about privacy implications resulting from
equipping their aircraft with ADS-B Out. These privacy concerns were raised to the FAA through private forums
Advisory Committee Meeting repeatedly since 2014. Both the National Business Aircraft Association (NBAA) and
Aircraft Owners and Pilots Association (AOPA) are proponents of FAA efforts to protect the security, privacy and
business competitiveness of aircraft operators by developing the Privacy ICAO Address Program. Respected media
outlets also recognized the importance of this privacy, as did members of both parties of Congress, who passed
legislation requiring FAA to provide an opt-out from real-time broadcast of flight data. Through FAA’s Equip 2020
Working Group there was work with FAA and other general aviation associations to develop an opt-out solution,
based on providing operators an alternate 24-bit ICAO (Mode S transponder) code. Additionally, since 2000,
Congress has repeatedly passed legislation mandating that the FAA provide a means for opting out from real-time
flight tracking, regardless of the technology involved.” To address these privacy concerns, the FAA developed the
Privacy ICAO Address Program. The Privacy ICAO Address Program allows aircraft operators to utilize an alternate
aircraft ID and ICAO aircraft address to mask their aircraft’s identity for a period of time while flying within U.S.
domestic airspace. Use of the alternate ID and ICAO code limits the extent to which the aircraft can be identified by
non-FAA parties capturing the ADS-B signal.
The ADB-S equipment transmits the information about an aircraft on open channels making it possible for
individuals to capture and use that information. ADS-B Out transmits information about the aircraft type, position,
airspeed, aircraft's unique ICAO aircraft address and aircraft registration number. The unique ICAO aircraft address
and aircraft registration numbers are assigned to all U.S. registered aircraft. Moreover, that information is compiled
and searchable by the public in the FAA’s Civil Aviation Registry (CAR). As such, once a third-party has captured
an aircraft’s ICAO aircraft address and aircraft registration number, he can readily identify the operator via CAR. In
addition, software is available that allows a third-party to share ADS-B messages with anyone via on-line internet
sites..
The FAA acknowledges the need of aircraft owners/operators to limit the ability of third-parties to identify
operators and, subsequently, their ability to track aircraft in real-time. The Privacy ICAO Address program allows
interested aircraft owners to request an alternate, temporary ICAO Aircraft Address, which will not made available
in the CAR, and thereby reducing the ability of third-parties to identify the operator of an aircraft.
4
The PAPR does not contain any information related to the Privacy ICAO Address Program.
4
�U.S. Department of Transportation
Privacy ICAO Address Eligibility Requirements
The FAA has established four criteria aircraft owners/operators must meet to be eligible to use an alternate ICAO
address under the Privacy ICAO Address Program:
1.
Aircraft owner/operator must be registered in the US; foreign-registered aircraft are not eligible to
participate;
2.
Aircraft must be operated within U.S. domestic airspace;
3.
Aircraft must have an FAA approved Third-Party Aircraft ID (call sign) issued by a Third-Party Call
Sign service provider; and
4.
Aircraft must be equipped with FAA Technical Standard Order (TSO)-certified equipment and
verification that the equipment installation meets ADS-B Out performance requirements set forth in 14
CFR § 91.227.
Only U.S. registered aircraft owners and aircraft operators, operating within U.S. domestic airspace, can apply for,
receive, and use a Privacy ICAO Address. Foreign-registered aircraft are not eligible to participate in the Privacy
ICAO Address Program.
The Privacy ICAO Address Program will require the FAA and Privacy ICAO Address Service Provider(s) to
validate that the aircraft owner/operator has an agreement with a Third-Party Call Sign Service Provider to use a
Third-Party Aircraft ID. Aircraft owners/operators authorized by the FAA to use a Third-Party Aircraft ID are not
required to use a Privacy ICAO Address(es). All aircraft owners/operators using a Privacy ICAO Address must use
a Third-Party Aircraft ID while that aircraft is in communication with ATC and receiving ATC services.
Eligibility for the Privacy ICAO Address Program will require the installation of be eligible to use aircraft
owners/operators are required to provide the following information within 30 days of receiving an alternate ICAO
address from the FAA under the Privacy ICAO Address Program:
1. Install new alternate ICAO Address into aircraft avionics, and
2. Provide evidence of installation and correct operation to the FAA.5
Once issued and confirmed as operational, the alternate ICAO address and Third-Party issued call sign will be linked
to the aircraft owner/operator in FAA system APM, however the information will not be made available in the public
portion of the CAR or other publicly available data sets.
Privacy ICAO Address Program Application System Overview
Under the FAA’s Privacy ICAO Program requires the operator, or authorized agent, to provide the aircraft
owner/operator name, phone number, e-mail address, and business or home address. Aircraft owners/operators or
an authorized agent must use the FAA web application found https://www.faa.gov/nextgen/equipadsb/privacy/ to
request an alternative ICAO address and participate in the Privacy IACO Address Program. An Authorized agent is
an individual who the operator has designated to complete the application on their behalf and enters the aircraft
owner/operator’s information and not their own.
5
See Appendix A for detailed description of the request process.
5
�U.S. Department of Transportation
The steps below describe the Privacy ICAO Address Program processes:
Step
1
Obtain initial PAPR; perform a validation flight and obtain a PAPR with
aircraft’s permanently assigned ICAO aircraft address.
Step
2
Submit a request for a Privacy ICAO Address.
Step
3
Install new Privacy ICAO Address into aircraft avionics; the new
Privacy ICAO Address is a temporary assignment and owner/operator
must complete Step 4 in order to continue using the Privacy ICAO
Address.
Step
4
Verify new temporary Privacy ICAO Address installation; obtain another
PAPR and send it to the FAA or Third-Party Service Provider.
The data collected from the aircraft owner/operator or authorized agent during the Privacy ICAO Address Program
application process will be utilized for program participation verification, correspondence, and monitoring with
DOT/FAA in order for the FAA to issue the Privacy ICAO Address.
The Privacy ICAO Address application website, https://www.faa.gov/nextgen/equipadsb/privacy/, is planned to be
in place by January 1, 2020, to meet industry concerns, while the agreement and implementation actions for a longterm solution are pursued.
The owner/operator will be required to submit the information necessary to qualify for the authorized use of the
Privacy ICAO Address. This includes:
Aircraft owner/operator name;
Acknowledgement of the FAA’s intent of collection and management of PII for the management of Privacy
ICAO Address assignment and their use in NAS;
Acknowledgement of the Privacy ICAO Address Program Rules of Use in the NAS;
Valid aircraft registration for the aircraft which will be assigned the Privacy ICAO Address (permanent
ICAO aircraft address);
Proof of authorization to use a Third-Party Aircraft ID with the identity of the provider;
Aircraft owners/operators Individual’s Name/Company/Organization Information;
Aircraft owners/operator’s contact information (i.e. phone number, e-mail address);
Requester’s contact information (phone number, e-mail address);
Validation that the aircraft’s ADS-B performance is qualified for ADS-B operations (PAPR report within
the past 180 days); and
Identify, by checking a box, whether the Privacy ICAO Address is requested for business or personal use.
6
�U.S. Department of Transportation
Fair Information Practice Principles (FIPPs) Analysis
The DOT PIA template is based on the fair information practice principles (FIPPs). The FIPPs, rooted in the tenets
of the Privacy Act, are mirrored in the laws of many U.S. states, as well as many foreign nations and international
organizations. The FIPPs provide a framework that will support DOT efforts to appropriately identify and mitigate
privacy risk. The FIPPs-based analysis conducted by DOT is predicated on the privacy control families articulated
in the Federal Enterprise Architecture Security and Privacy Profile (FEA-SPP) v3 6 sponsored by the National
Institute of Standards and Technology (NIST), the Office of Management and
Budget (OMB), and the Federal Chief Information Officers Council and the Privacy Controls articulated in
Appendix J of the NIST Special Publication 800-53 Security and Privacy Controls for Federal Information Systems
and Organizations. 7
Transparency
Sections 522a(e)(3) and (e)(4) of the Privacy Act and Section 208 of the E-Government Act require public notice of
an organization’s information practices and the privacy impact of government programs and activities.
Accordingly, DOT is open and transparent about policies, procedures, and technologies that directly affect
individuals and/or their personally identifiable information (PII). Additionally, the Department should not maintain
any system or records the existence of which is not known to the public.
The FAA deploys multiple techniques to ensure general aviation and business aircraft operators are aware of the
requirements for the Privacy ICAO Address Program, and the purposes for which the FAA collects and maintains
PII in support of the Privacy ICAO Address Program. The aircraft owner/operator’s name and contact information
(i.e. phone number, e-mail address, and business or home address) which is required to send responses and issue a
new Privacy ICAO Address. In their outreach, the FAA held speaker events; posted information on the FAA
websites; and publicized via Aircraft Owner and Pilot Association, National Business Aircraft Association, General
Aviation Manufacturers Association, Aircraft Electronics Association and other organization as means to inform
aircraft owner/operators. A Privacy Act Statement is available on the Privacy ICAO Address web application,
providing notice of the use of information collected.
The Privacy ICAO Address Program retrieves records from APM by an owner/operator’s name or e-mail address.
The FAA protects Privacy Act records maintained in the APM in accordance with the Department’s published
system of records notices (SORN), entitled DOT/FAA 801 Aircraft Registration Records (80 FR 54187, August 15,
2016. A Privacy Act Statement discussing the Department’s privacy practices regarding the collection, use, sharing,
safeguarding, maintenance, and disposal of PII is included on the Privacy ICAO Address Program website. An
authorized agent may enter information about the aircraft owner/operation but not themselves and not afforded
coverage under the Privacy Act.
The publication of this PIA demonstrates DOT’s commitment to provide appropriate transparency into the Privacy
ICAO Address Program and APM.
6
https://s3.amazonaws.com/sitesusa/wp-content/uploads/sites/1151/2016/10/FEA-Security-Privacy-Profile-v3-09-30-2010.pdf
7
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf
7
�U.S. Department of Transportation
Individual Participation and Redress
DOT should provide a reasonable opportunity and capability for individuals to make informed decisions about the
collection, use, and disclosure of their PII. As required by the Privacy Act, individuals should be active participants
in the decision-making process regarding the collection and use of their PII and be provided reasonable access to
their PII and the opportunity to have their PII corrected, amended, or deleted, as appropriate.
The Privacy ICAO Address Program uses data collected directly from the aircraft owner/operator. An authorized
agent may complete the Privacy ICAO Program application on the aircraft owner/operator’s behalf; in doing so
they would provide aircraft owner/operator’s information and not their own.
Information collected for this Privacy ICAO Program includes the aircraft owner/operator’s name and contact
information (i.e., phone number, e-mail address, and business or home address) which is required to send responses
and issue a new Privacy ICAO Address. Privacy ICAO Address Eligibility Requirements discussed previously in
the PIA is necessary to determine eligibility to participate in the new Privacy ICAO Address Program and is
subsequently necessary in order for the Privacy ICAO Address Program applicant to be issued a temporary Privacy
ICAO address. Additionally, the FAA collects aircraft identifier (i.e., FAA-issued aircraft tail number and
permanently assigned ICAO aircraft address) which is then used to enable FAA to determine which actual aircraft
is associated with a particular Privacy ICAO Address.
Under the provisions of the Privacy Act, individuals may request searches to determine if any records have been
added that may pertain to them. Individuals wishing to know if their records appear in APM system may inquire in
person or in writing to:
Federal Aviation Administration
Privacy Office
800 Independence Ave. SW
Washington, DC 20591
Included in the request must be the following:
Name
Mailing address
Phone number and/or email address
A description of the records sought, and if possible, the location of the records
Individuals wanting to contest information about them that is contained in this system should make their requests in
writing, detailing the reasons why the records should be corrected, to the following address:
Federal Aviation Administration
Privacy Office
800 Independence Ave. SW
Washington, DC 20591
8
�U.S. Department of Transportation
Purpose Specification
DOT should: (i) identify the legal bases that authorize a particular PII collection, activity, or technology that
impacts privacy; and (ii) specify the purpose(s) for which its collects, uses, maintains, or disseminates PII.
Under Title 49 of the United States Code (49 U.S.C.), Subtitle I, Section 106, the FAA is charged with prescribing
regulations on the flight of aircraft (including regulations on safe altitudes) for navigating, protecting, and
identifying aircraft, and the efficient use of the navigable airspace. Under section 44701, the FAA is charged with
promoting safe flight of civil aircraft in air commerce by prescribing regulations for practices, methods, and
procedures the Administrator finds necessary for safety in air commerce.
Privacy ICAO Address Program data and records will be used by the FAA to:
1. Issue a Privacy ICAO Address for eligible aircraft owner/operators; and
2. Validate the installation and performance of the avionics on the aircraft.
The Privacy ICAO Address Program collects the aircraft owner/operator’s name and contact information (i.e.,
phone number, e-mail address, and business or home address). The information is used to send responses and issue
a new Privacy ICAO Address. With the exception of the Privacy ICAO Address, information may be shared in
accordance with DOT/FAA – 801 Aircraft Registration Records (81 FR 54187, August 15, 2016).
The CAR is responsible for developing, maintaining, and operating national programs for the registration of United
States civil aircraft and certification of airmen.
ADS-B Out operates by transmitting the aircraft's unique ICAO address, making public identification by any
individual with an ADS-B receiver possible. The Privacy ICAO Address Program will enable interested aircraft
owners to request an alternate, temporary ICAO aircraft address, which will not be assigned to the owner/operator
in the CAR. Information within the CAR is generally available to the public. Therefore, by default, an aircraft
assigned a Privacy ICAO Address will be harder to identify. To ensure privacy, ADS-B Out is configured to use the
Privacy ICAO Address and third-party call sign instead of the operators permanent ICAO aircraft address and
aircraft registration number (tail number).
For general and business aviation aircraft, the term “aircraft callsign” (aircraft ID) means the radiotelephony
callsign assigned to an aircraft for voice communications purposes. For General Aviation (GA) aircraft, the aircraft
callsign is normally associated with the aircraft registration number (tail number). Mode S transponders
functionality includes automatic transmission of aircraft callsign and Mode S 24-bit aircraft address(es). Both can
be readily used in searching aircraft ownership information via FAA’s CAR. Without the use of third-party Flight
IDs, the broadcasting of aircraft callsign, i.e., N number or aircraft registration number, would still expose aircraft
in CAR and no longer make aircraft operations anonymous.
In order to maintain privacy, and still have identification information readily available to the FAA, Privacy ICAO
Address data is stored within the ADS-B APM. This makes Privacy ICAO Address(es) are harder for the public to
link to identifying information to information in the CAR. The Privacy ICAO Address program manages and
establishes procedures, outside of the CAR, for taking Privacy ICAO Address applications/requests, approving the
requests and ensuring that latest Privacy ICAO Address aircraft operator list are not released or open for public
review.
9
�U.S. Department of Transportation
Data Minimization & Retention
DOT should collect, use, and retain only PII that is relevant and necessary for the specified purpose for which it
was originally collected. DOT should retain PII for only as long as necessary to fulfill the specified purpose(s) and
in accordance with a National Archives and Records Administration (NARA)-approved record disposition schedule.
The FAA collects the minimum amount of information necessary to establish and maintain a record to support the
Privacy ICAO Address Program. Aircraft owner/operator’s name and contact information (i.e., phone number, email address, and business or home address) is used to send responses and issue a new Privacy ICAO Address.
Records for the Privacy ICAO Address Program will be maintained as permanent records until FAA receives an
approved disposition authority from the National Archives and Records Administration (NARA). The FAA is
recommending maintaining the records for 45 days to a year. The aircraft identification, owner/operator
information, compliance reports, coverage maps, and data files will be destroyed after one year. The ADS-B
surveillance data will be destroyed after 45 days.
The retention of the records allows for research, a complete history of aircraft owner/operators that have a Privacy
ICAO Address.
Use Limitation
DOT shall limit the scope of its PII use to ensure that the Department does not use PII in any manner that is not
specified in notices, incompatible with the specified purposes for which the information was collected, or for any
purpose not otherwise permitted by law.
With the exception of the new Privacy ICAO Address, sharing of Privacy Act records collected, used, and
maintained as part of the Privacy ICAO Address Program is done in accordance with the Department’s system of
records notice DOT/FAA – 801 Aircraft Registration Records (81 FR 54187 – August 15, 2016). In addition to
other disclosures generally permitted under 5 U.S.C. §552a(b) of the Privacy Act, all or a portion of the records or
information contained in this system may be disclosed outside DOT as a routine use pursuant to 5 U.S.C. §
552a(b)(3) as follows:
To the public (including government entities, title companies, financial institutions, international
organizations, FAA designee airworthiness inspectors, and others) information, including aircraft owner’s
name, address, United States Registration Number, aircraft type, and ADB–S summary reports.
To law enforcement when necessary and relevant to an FAA enforcement activity.
The Department has also published 14 additional routine uses applicable to all DOT Privacy Act systems of
records. These routine uses are published in the Federal Register at 75 FR 82132, December 29, 2010, and 77
FR 42796, July 20, 2012, under ‘‘Prefatory Statement of General Routine Uses’’ (available at
http://www.transportation.gov/privacy/privacyactnotices).
10
�U.S. Department of Transportation
Data Quality and Integrity
In accordance with Section 552a(e)(2) of the Privacy Act of 1974, DOT should ensure that any PII collected and
maintained by the organization is accurate, relevant, timely, and complete for the purpose for which it is to be used,
as specified in the Department’s public notice(s).
Within the Privacy ICAO Address Program, aircraft owner/operators are responsible for the accuracy of information
they provide during the application and confirmation. If an invalid aircraft registration number, Aircraft ID, or
ICAO aircraft address is provided by the aircraft owner/operator during the application process, the system will not
process the application.
To ensure quality control of the Privacy ICAO Address Program, aircraft owners/operators are not issued the same
Privacy ICAO addresses at the same time. The Privacy ICAO address may be reused but not within a minimum of
30 days following the last use. Lastly, FAA use Captcha to distinguish that aircraft owners/operators are human
and not a machine.
Security
DOT shall implement administrative, technical, and physical measures protect PII collected or maintained by the
Department against loss, unauthorized access, or disclosure, as required by the Privacy Act, and to ensure that
organizational planning and responses to privacy incidents comply with OMB policies and guidance.
FAA protects PII with reasonable security safeguards against loss or unauthorized access, destruction, usage,
modification, or disclosure. These safeguards incorporate standards and practices required for federal information
systems under the Federal Information Security Management Act (FISMA) and are detailed in Federal Information
Processing Standards (FIPS) Publication 200, Minimum Security Requirements for Federal Information and
Information Systems, dated March 2006; and National Institute of Standards and Technology (NIST) Special
Publication (SP) 800-53, Revision 4, Security and Privacy Controls for Federal Information Systems and
Organizations, dated April 2013.
The APM was issued a three-year Authorization to Operate (ATO) on January 29, 2017. In addition, the ATO will
be updated based on the outcome of current security testing and evaluation in accordance with FISMA. Access to
the APM and the Privacy ICAO Address Program application is limited to those with appropriate security
credentials, an authorized purpose, and need to know. The FAA deploys role-based access controls in addition to
other protection measures reviewed and certified by the FAA’s cybersecurity professionals to maintain the
confidentiality, integrity, and availability requirements of the system. The Privacy ICAO Address Program web
application’s “review” function will also provide FAA representatives with Privacy ICAO Address application
status to determine number of Privacy ICAO Addresses issued. The function of the web application is only
accessible to FAA-authorized personnel.
Accountability and Auditing
DOT shall implement effective governance controls, monitoring controls, risk management, and assessment
controls to demonstrate that the Department is complying with all applicable privacy protection requirements and
minimizing the privacy risk to individuals.
11
�U.S. Department of Transportation
FAA’s Office of the Chief Information Officer, Office of information Systems Security, Privacy Division is
responsible for governance and administration of FAA Order 1370.121 FAA Information Security and Privacy
Program and Policy provides implementation guidance for the various privacy requirements of the Privacy Act of
1974 (the Privacy Act), the E-Government Act of 2002 (Public Law 107-347), the FISMA, Office of Management
and Budget (OMB) mandates, NIST and other applicable DOT and FAA information and information technology
management procedures. In addition to these practices, additional policies and procedures will be consistently
applied, especially as they relate to the access, protection, retention, and destruction of PII Federal and contract
employees are given clear guidance in their duties as they relate to collecting, using, and processing privacy data.
Guidance is provided in the form of mandatory annual security and privacy awareness training, as well as FAA
Order 1370.121. The FAA will conduct periodic privacy compliance reviews of Privacy ICAO Address Program
in accordance with the requirements of OMB Circular A-130.
Responsible Official
David E. Gray
Program Manager
Reviewing Official
Claire W. Barrett
Chief Privacy &Information Asset Officer
Office of the Chief Information Officer
12
�U.S. Department of Transportation
Appendix A: ADS-B Performance Monitor (APM) Overview
ADS-B Performance Monitor (APM) system enables the FAA to monitor aircraft ADS-B equipment performance
by:
Identifying ADS-B Out equipment installed on aircraft and surface vehicles performing below the
requirements defined in the ADS-B Out Final Rule; and
Monitor ADS-B Out equipment performance and equipage rate.
ADS-B Out information received by FAA ground stations is collected in the APM. The APM processes this
information and calculates how well a given ADS-B Out equipped aircraft meets FAA performance requirements
identified in the ADS-B Out Final Rule. The APM reports are used by the FAA to determine performance outcomes
of aircraft and provide performance metrics for ADS-B Out equipped aircraft.
The APM produces a Public ADS-B Performance Report (PAPR) for anyone requesting information about the
performance of an ADS-B Out equipment installation. This report is available independent of the Privacy ICAO
Address Program. After January 1, 2020, the FAA organization will utilize the ADS-B Compliance Monitor to
enforce compliance with 14 CFR §§ 91.225 and 91.227. PAPR data provides information on the performance of an
aircraft ADS-B’s system for a specific flight and either verifies proper ADS-B system operation or identifies
specific parameters received by the FAA’s ground system, which failed to comply with established standards.
ADS-B system performance data identified within a PAPR is useful to aircraft avionics maintainers when
performing post-installation compliance/configuration checks and fault isolation. For additional information about
the PAPR please visit: https://adsbperformance.faa.gov/PAPRUsersGuide.pdf.
13
�
| File Type | application/pdf |
| File Title | Microsoft Word - Privacy - FAA - Privacy ICAO - Approved - 121919.docx |
| Author | Claire.Barrett |
| File Modified | 2019-12-19 |
| File Created | 2019-12-19 |