More Protection?

More Protection?

FAR 193

Stephen P. PrenticeBy Stephen P. Prentice

September 2001

Author’s Note: In AMT July 2001, we talked about the Whistleblower protection statute that insulates employees from reprisal when reporting air carrier or repair station safety violations. This month we address an additional protection item that became effective on July 25, 2001.

A new regulation (14 CFR 193), recently enacted, is designed to protect sensitive safety information from general publication; however, with certain reservations. The FAA has been actively seeking to develop a process whereby participating air carriers can share routinely collected sensitive operations data with the FAA so that it may be analyzed for safety concerns. What has prevented this program from going forward was, and still is, the carriers’ fear that the information may be released to the public. This typically could be done through the Freedom of Information Act or through Court process and used against them or their flight crews and technicians. This is a very legitimate concern, especially in view of the litigation and certificate enforcement frenzy in the industry today and in the recent past. The new rule, it is claimed, will allow FAA to collect the hard data they need to develop a much broader view of airline safety and still protect it from prying eyes. Many will find it difficult to discern just how this will work. The claim is that the information collected potentially could prevent accidents. Just about any effort can potentially prevent accidents. Still, many in the industry fear that it will be used for enforcement or other threatening action.

History – voluntary reporting programs
The FAA offers a number of voluntary disclosure programs. The Aviation Safety Reporting System (ASRS) is well-known and routinely used by certificate holders and provides immunity from sanction for pilots, technicians, air carriers and others if the violation is reported within 10 days. (AC 00-46C and FAR Part 91.25). Regulation prevents the public use or publication of any information provided under this program.
Air carriers commonly use the AC 00-58 Self-Disclosure program to confess violations before the FAA finds them. It only applies to air carriers and provides a certain level of immunity from sanction when corrective action is prompt and effective. Yet, there is no guarantee of immunity.

FOQA – Flight Operations Quality Assurance
A third area that includes self-disclosure of otherwise proprietary information is the Flight Operations Quality Assurance program. (FOQA). The FAA drafted FAR 193 to address air carrier concerns about disclosure of flight operations data.
FOQA is a system of data collection by air carriers that supplies information from otherwise uneventful airline flights to the FAA. The idea is, that by analysis, potential safety problems can be identified and corrected before they lead to accidents. It has been popular in Europe and the JAA has encouraged its use.
To participate, an air carrier must install what is called a Quick Access Data Recorder. This recorder is capable of gathering much more information than the Flight Data Recorder. For example, the Quick Access Data Recorder can keep track of hard landings and other flight deviations or engine overspeeds and overtemps, etc. The kicker here is that information would be provided automatically to the FAA and presumably to other participants in the program.
The primary threat is the use of this data in lawsuits or other legal proceedings and in FAA enforcement actions. Enforcement actions, as we all know, can lead to criminal indictments. Pursuit of criminal actions is one of the exceptions to the rule of protection of the data. Flight crewmembers, technicians and their companies have a very legitimate concern about the dissemination and use of this data against them.

The difference
Keep in mind that the Flight Data Recorder (FDR) and Cockpit Voice Recorder (CVR) data are not routinely retrieved until after an accident. And, cockpit voice recorder data can’t be used in any FAA enforcement action (FAR 121.359). The recording is also protected by federal law from being revealed in any civil litigation without a court order. The FDR information is supposed to be used only to corroborate other evidence in any legal proceeding. It is not to be used by itself for certificate enforcement action.

The problem and the attempted solution
Air carriers figured that if all this data was routinely collected by the FAA, how would it be protected from use by adversaries or FAA enforcement lawyers? The FAA would get no help from industry unless there were substantial and clear assurances in a law to protect the information supplied.
Although the Administrator has publicly announced that they would not use FOQA data for enforcement actions, FAA attorneys have raised some legal questions about their duty to bring actions for the public safety. There could be an in-house dispute over the use of the information and you know who would lose.

Cali, Columbia
A little history tells part of the story. When the American Airlines accident enroute to Cali, Colombia in 1995 found its way into court, the plaintiff’s attorneys sought copies of flight operations safety data from American Airlines. American refused to provide any of their safety critical data for obvious reasons. The Judge, however, granted the plaintiff’s request for American to turn over sensitive safety critical data. Although the American data would not come under the protection of FAR 193, since it was not at that time submitted to the FAA, this action would apply to the FAA under 193 if a court so ordered. That Court refused to provide American with any protection for their safety-sensitive data. So far, courts have generally refused to provide any protection for this kind of data. Perhaps FAR 193 will give courts some pause in ordering the turnover of data, but I would not bet on it. Air carriers should therefore still be concerned about providing FAA any data that might be damaging, especially if they can’t review it in advance.
FAA drafted FAR 193 in an attempt to avoid the problem. However, to some, it seems to complicate the very simple mandate of the law. One should note that when faced with a request for data from a court, FAA can fight the request, but would have to comply with any order to turn over the data in accordance with FAR 193! You can be sure that they will win some and lose some.

The law - 49 USC 40123 (1996) – Very clear
The FAA Reauthorization Act of 1996 started the ball rolling on protection of information by enacting 49 USC 40123 to attempt to address the problem.
"—neither the Administrator —nor any agency receiving information from the Administrator, shall disclose voluntarily provided safety or security related information, if— (1) —disclosure would inhibit the voluntary provision of that kind of information and that—.information aids in fulfilling the Administrator’s safety and security responsibilities..."
Following Congress passing this relatively simple law, FAA published the not so clear FAR 193, effective July 25, 2001.
Per the regulation, the person or company seeking protection from disclosure must file an application requesting that the information be protected. The FAA reviews the application and it is then published in the Federal Register requesting comments. After reviewing comments, the FAA must find that the following elements are met. In order to be protected, the information:
1. Must be provided voluntarily
2. Must be safety or security related
3. Disclosure would inhibit the voluntary nature of the information
4. The information aids FAA’s safety and security duties
5. Withholding of the information aids FAA safety and security responsibilities
Keep in mind that only information collected under this voluntary disclosure program is protected. Information obtained by FAA through other means is not protected under FAR 193 and could be disclosed.

The regulation provides specific instances when disclosure can be made (193.9) under any self-disclosure program:
1. To explain the need for changes in policy and regulation
2. To correct a condition that compromises safety or security
3. To carry out a criminal investigation
4. To address threats to civil aviation
There is nothing said in the rule regarding the release of relevant parts of protected information to process airman or air carrier certificate actions, especially as they relate to possible criminal prosecution.
Again, in regard to court proceedings, new Section 193.7 says that if FAA receives a subpoena for protected information, it will not release such information unless ordered to do so by a court of competent jurisdiction. So, notwithstanding all the protective language, a court still has the final say regarding release of protected information. In the Cali case, that Court ordered release of sensitive information.
Finally, disclosures may be made when it is consistent with FAA’s safety and security responsibilities. In the words of the regulation:
"... the Administrator may find that there are additional circumstances under which withholding information provided voluntarily—would not be consistent with the Administrator’s safety and security responsibilities."

This final section of the rule is obviously very broad and gives the Administrator wide latitude to disclose anything. The simplicity of the law (49 USC 40123) cited above, seems lost in FAR 193. Only time will tell if it will be effective and if the air carriers will buy it.
Many will conclude that the language of the regulation makes air carrier information about as secure as a rowboat in a hurricane! Read FAR 193 and let me know what you think.