Repair Station Security Rule is Finally Here!

January 10, 2014 by Leave a comment

The long-awaited Repair Station Security rule is scheduled to be published in the Federal Register on Monday.

The rules are authorized under the repair station security statute (49 U.S.C. 44924). That statute barred the FAA from certifying any new foreign repair station until TSA security audits are completed for existing stations.  Now that the rules are out, once TSA has audited all existing repair stations, the FAA may be able to once again start issuing foreign repair station certificates.

The final rule contains the following requirements:

  • To Whom Does this Apply?: The regulations apply to repair stations certificated by the FAA under Part 145, except repair stations located on a U.S. or foreign government military base.  All repair stations are subject to inspection as provided in the rule and to Security Directives should there be a security need. However, the rule text requires only certain repair stations, discussed below, to carry out security measures on a regular basis.
  • TSA Inspection Authority. Repair stations must allow TSA and other authorized DHS officials to enter, conduct inspections, and view and copy records as needed to carry out TSA’s security-related statutory and regulatory responsibilities. For repair stations not required to carry out security measures on a regular basis (i.e., those repair stations not located on or adjacent to an airport), TSA does not intend to inspect such facilities, except (1) for compliance with security directives issued by TSA and with airport security programs required by TSA (for those repair stations that are included in an airport security program), and (2) to respond to security information provided to TSA by U.S. or foreign government entities.
  • Implementation of Security Measures: The security measures in this rule cover repair stations that are on or adjacent to certain airports. TSA will consider a repair station to be “on airport” if it is on an air operations area (AOA) or security identification display area (SIDA) of an airport covered by an airport security program under 49 C.F.R. part 1542 in the United States, or on the security restricted area any commensurate airport outside the United States regulated by a government entity.   TSA will consider a repair station to be adjacent to an airport if there is an access point between the repair station and the airport of sufficient size to allow the movement of large aircraft between the repair station and the area described as “on airport.”
  • What are “Security Measures?”: Repair stations required to implement “security measures’ will be required to (1) designate a point of contact(s) to carry out specified responsibilities; (2) prevent the unauthorized operation of large aircraft capable of flight that are left unattended; (3) verify background information of those individuals who are designated as the TSA point(s) of contact; and (4) verify background information of those individuals who have access to any keys or other means used to prevent the unauthorized operation of large aircraft capable of flight that are left unattended.
  • Security Directives: Repair stations are required to comply with Security Directives (SDs) issued by TSA.  We had objected to Security Directives to the extent that they could represent rulemaking activities promulgated in the absence of notice and comment rulemaking procedures.  TSA has added language to the final rule to clarify that repair stations may comment on SDs issued by TSA, but TSA has imposed on itself no obligation to respond to such comments.  Thus, we remain concerned that Security Directives could be used to promulgate new rules in circumvention of the notice-and-comment requirements of the Administrative Procedures Act.
  • Notification of Deficiencies; Suspension of Certificate and Review Process: The regulations describe the process whereby TSA will notify the repair station and the FAA of a security deficiency identified by TSA and provide an opportunity for the repair station to obtain review of a determination by TSA to suspend its operating certification.  Such a suspension would be an immediately-effective suspension that would not be stayed through petition for review (note that 49 U.S.C. 44924(c) already requires the FAA to suspend or revoke a certificate upon the advice of TSA).  This could give TSA tremendous power to impose interpretations of their standards that may be beyond the published scope of the rule, and the repair station may be largely powerless to seek review of those standards, because the only practical way to seek review is to be accept suspension during the entire period of the review process (TSA is allowed to grant itself an extension so the time limits on TSA action may be meaningless).  TSA would perform an internal review of the petition for review and would create the record but then the matter would be subject to review by a Court of Appeals.
  • Immediate Risk to Security; Revocation of Certificate and Review Process: The regulations specify that when TSA determines a repair station poses an immediate risk to security, TSA will notify the repair station and the FAA that the certificate must be revoked. The regulations also provide the process for the repair station to obtain review of such a determination.  Many of the same concerns regarding suspension apply to the revocation process as well.

The new rule can be found online at http://origin.library.constantcontact.com/download/get/file/1102873717486-941/TSA+Security+Rule+Published.pdf.

Filed under Uncategorized Tagged with , , , ,

Required “Consent to Search” Could Result in Danger to Your Shipment

December 10, 2012 by 1 Comment

One of ASA members recently asked questions about the Consent to Screen letter, which is an obligation derived from TSA regulations.

TSA regulations require air carriers and freight forwarders to have security programs. The Consent to Screen letter authorizes an air carrier or freight forwarder to screen cargo as part of their TSA-required security program.

The member raised two sets of concerns about the unintended impact on aviation safety of these letters. First, a search of some aviation materials could result in damage that might airworthiness of the part, and the shipper could be held responsible despite the fact that the freight forwarder had actually occasioned the damage. The second concern is whether a shipper can impose burdens on the freight forwarder (like a duty to warn that cargo has been subject to search so we can warn our customer to inspect for damage) or whether the freight forwarder can impose burdens on a shipper (like freight forwarder language that seeks indemnification from the shipper or otherwise seeks to shift any legal burden or liability).  Under the current law, there are no clear answers to respond to either of these issues.

From TSA’s perspective, the form of the Consent to Screen letter appears to be a matter of commercial practice. They do not appear to have any specific instructions in the regulations for what must be included in the consent letter, only a requirement that consent (to the searches covered by the regulations) is required.

The regulations state that an aircraft operator “must refuse to transport any cargo if the shipper does not consent to a search or inspection of that cargo” in accordance with the security system established under the regulations. 49 C.F.R. § 1544.205(d); see also 49 C.F.R. § 1546.205(b); 49 C.F.R. § 1548.9(b). The regulations also provide that any certified cargo screening facility (this is the category in which many freight forwarders fall) must refuse to offer to another certified cargo screening facility or aircraft operator any cargo if the shipper does not consent to a search or inspection of that cargo. 49 C.F.R. § 1549.101(c).

The regulations do not specifically state what form the consent to screen must take. However, the Certified Cargo Screening Program records keeping provision does provide that “[e]ach certified cargo screening facility must maintain records demonstrating compliance with all statutes, regulations, directives, orders, and security programs that apply to operation as a certified cargo screening facility.” 49 CFR 1549.105(a). Additionally, the Preamble to the Air Cargo Security Requirements Final Rule states that:

“While TSA does not state in which manner the shipper’s consent to search or inspect cargo be obtained, it does require that the consent be explicit and in writing. TSA allows aircraft operators, foreign air carriers, and IACs to manage the collection of consent to search in a manner consistent with individual operational needs.”

71 Fed. Reg. 30477, 30486 (May 26, 2006) (emphasis added).

So the requirement for a written consent comes from the preamble to the rule (not from the actual regulations).  Written consent is further implied (but not required) by TSA regulations that require the freight forwarder to retain records (thus implying that such records must be in a format that may be retained).

Any record keeping requirement that the government wants to enforce has to be first approved by OMB.  The OMB approval referenced in the TSA rule was limited only to creation of security programs and imposed no burden on shippers. This means that TSA may be precluded from bringing an enforcement action against a shipper for non-compliance with the record-keeping requirement; but this does not stop a freight forwarder from refusing to do business with a shipper who does not complete the consent form that the freight forwarder insists upon.

In the preamble to the rule that established the obligation for the consent letters, TSA notes that “[t]he regulations allow a shipper to provide a blanket authorization, as proposed by IBM.” IBM’s proposal was simply “We suggest that the best alternative would be to permit the shipper to give a blanket authorization to the IAC as part of their contract or other supporting document or instruction to the IAC.”  [‘IAC’ is an Indirect Air Carrier]  This TSA response sheds little light on the question of whether the freight forwarder or the shipper can impose commercial obligations on the other party through the blanket consent.

There is a very real danger of damage to the parts as a consequence of a search by TSA or by the freight forwarder. For example, avionics and other electronic equipment can be very sensitive to electro-static discharge. Most distributors of ESD-sensitive equipment have special workstations and infrastructure designed to protect ESD-sensitive equipment from ESD-related damage. It is likely that a freight forwarder lacks this ESD-protection infrastructure. Thus, a freight forwarder performing a search could damage ESD-sensitive equipment (and might not even know it).

This raises a strong argument in favor of the proposition that distributors should be able to seek notification when TSA or a freight forwarder performs an inspection of freight.  Such notification would afford the shipper an opportunity to ask the recieving party to confirm that the inspection has not resulted in damage that could adversely affect airworthiness.  But at present there is no means to obtain such notification short of making a part of the contract with the freight forwarder.

Unfortunately, some freight forwarders actually include, as part of their standard consent to search form, a commitment from the shipper to indemnify and hold harmless the freight forwarder from damages, including in situations where the fright forwarder itself damages the shipment during the inspection.  In some cases, these clauses may be unenforceable if there is no additional value provided in exchange for this indemnification, but in many cases the freight forwarders primary duties may serve as consideration to support enforcement of the indemnification clause.

Distributors should be vigilant about such clauses and should consider whether they should reasonably be part of the consent to search form that the distributor provides to the freight forwarder.

Filed under Uncategorized Tagged with , , , , , ,

TSA Security Rule for Repair Stations (Status Update)

July 11, 2011 by Leave a comment

Yes, TSA is still working on its Repair Station Security rule.

The 2003 FAA Reauthorization called for the Department of Homeland Security (DHS) to develop a program that ensures security of domestic and international aircraft repair stations.

TSA published their Notice of Proposed Rulemaking (NPRM) on Repair Station Security on November 18, 2009. The comment period closed on February 19, 2010, and they received over 300 comments.

In their past testimony to Congress, TSA has recognized:

There is no “typical” repair station. They take many forms depending upon the type of maintenance performed, number of employees, and location. Some repair stations are on airport premises, but many are located in industrial parks nearby. Work can range from major aircraft overhauls to repairing radios or sewing seat cushions.

This has made the regulatory process particularly difficult for TSA, as they have attempted to develop a rule that meets Congressional intent while at the same time recognizing the variety of operations (and of threat levels) that exist.

The TSA rulemaking team is still working on the comments and the Final Rule is anticipated for later this year, according to government sources as well as the Unified Agenda.

Filed under Uncategorized Tagged with , ,