The FAA effected changes to the manner in which it blocks aircraft data in its Aircraft Situation Display to Industry (ASDI) and National Airspace System Status Information (NASSI) data feeds. The FAA published the changes in the Federal Register on June 3, 2011 (76 FR 32258) (the "Notice"). That Notice explained that "the FAA will require [subscribers] to block from ASDI and NASSI data-feeds available to the public any general aviation aircraft or on-demand aircraft the registration number for which a Certified Security Concern has been provided to the FAA..." 76 FR 32258. The Notice defined a "Certified Security Concern" as "based on either (a) the facts and circumstances establishing a Valid Security Concern ... or (b) the general aviation aircraft owner or operator satisfying the requirement for a bona fide business-oriented security concern under Treasury Regulation 1.132-5(m), 'Employer-provided transportation for security concerns,' 26 CFR 1.132-5(m)." 76 FR 32259-60.

Since its publication, the FAA has received questions from the public about the Notice. This Q&A responds to some of those questions relying on information provided in the Notice.

1. Question:  What is a Valid Security Concern?

   Answer—As explained in the Notice, an aircraft owner or operator may certify a security concern based on a Valid Security Concern. A Valid Security Concern is defined in the Notice as "the facts and circumstances establishing ... a verifiable threat to person, property, or company, including a threat of death, kidnapping or serious bodily harm against an individual, a recent history of violent terrorist activity in the geographic area in which the transportation is provided, or a threat against a company." 76 FR 32259-60. As stated in the Notice, "a generalized, non-specific security concern" would not constitute a Valid Security Concern. 76 FR 32261.

2. Question:  Is an independent security study necessary to establish a Valid Security Concern?

   Answer—No, the facts supporting a Valid Security Concern need not be compiled in an independent security study. The facts and circumstances can be identified through a self-evaluation.

3. Question:  At what point in time must the Valid Security Concern be present?

   Answer—At the time of certification.

4. Question:  Does the FAA require an aircraft owner or operator to provide to FAA documentation of the Valid Security Concern?

   Answer—No, the FAA does not require documentation to be submitted with a certification.

5. Question:  Does the FAA have a form or standard format for Certification and Re-certification?

   Answer—No. The FAA expects certifications to include limited information. If an aircraft owner or operator is relying on a bona fide business-oriented security concern under Treasury Regulation 1.132-5(m), the owner or operator need only submit a written certification identifying the particular aircraft at issue and certifying that it has a bona fide business-oriented security concern, as defined in 26 C.F.R. § 1.132-5(m), with respect to one or more of its employees and such employee(s) travel(s) on the aircraft at issue.

   Alternatively, an aircraft owner or operator relying on a Valid Security Concern can submit a written certification identifying the particular aircraft at issue and certifying that a Valid Security Concern, as defined in the Notice, exists regarding the security of the owner's or operator's aircraft or aircraft passengers. As set forth in the Notice, an owner or operator of an aircraft conducting on-demand operations must also specify the period of time during which a Valid Security Concern will exist with respect to that aircraft or aircraft passengers. 76 FR 32264-65.

   As provided in the Notice, all certifications should specify whether the request is to block the aircraft identification prior to the FAA's release of the data-feed or to block the aircraft identification from release by the industry subscribers to the FAA's data feed. 76 FR 32265. Should a specific request not be made, the FAA will block the aircraft identification prior to releasing the data to subscribers. Id.

6. Question:  How often must a Certified Security Concern be submitted to the FAA?

   Answer—The Notice provides that certification must be made at least annually. 76 FR 32265. Aircraft owners and operators submitting re-certifications should do so based on their security situation at the time of re-certification.

7. Question:  Will the FAA protect the information submitted, under the Freedom of Information Act (FOIA)?

   Answer—In response to a request for information under the Freedom of Information Act (FOIA), 5 U.S.C. 552, the FAA may withhold information as permitted under the FOIA exemptions, 5 U.S.C. 552(b)(1) through (9), or exclusions, 5 U.S.C. 552(c)(1)-(3). However, the FAA administers FOIA "with a 'clear presumption: in the face of doubt, openness prevails.'" 76 FR 32261. As stated in the Notice, the changes to the manner in which the FAA blocks aircraft data in its ASDI and NASSI data feeds is "justified by disclosure and openness requirements set forth in Federal law, executive branch directives and policies, and court decisions." 76 FR 32260. These same factors would be considered in responding to a FOIA request for information relating to certifications.

8. Question:  Where should I submit my Certified Security Concern?

   Answer—Submit your Certified Security Concern by electronic mail at CertifiedSecurityConcern@faa.gov, or by regular mail at FAA Certified Security Concern; ATO System Operations Services; Room 1002; 800 Independence Avenue, SW; Washington, DC 20591.