OMB Watch recently submitted public comments to the Federal Energy Regulatory Commission on its recent Notice of Proposed Rulemaking. The comments raised strong objections to the information restriction measures being proposed by FERC and urged the agency to transfer this issue to Congress where it would be more appropriate to address this issue. The full comments submitted to FERC are below or can be downloaded as a pdf file here. October 14, 2002 Office of the Secretary Federal Energy Regulatory Commission 888 First Street, NE. Washington, DC 20426 RE: Docket No. RM02-4-000 and PL02-1-000 Dear Secretary: OMB Watch appreciates the opportunity to comment on the Federal Energy Regulatory Commission’s (FERC) proposed rulemaking, published in the Federal Register on September 13, 2002. OMB Watch understands FERC’s concern that after the attacks on September 11, 2001, it could possibly be providing information that may be helpful to terrorists. However, we are strongly opposed to the measures being proposed to address this concern, as well as the commission’s process in developing its rule. OMB Watch is a nonprofit research and advocacy organization that has as its core mission government accountability and improving citizen participation. Public access to government information has been an important part of our work for more than 15 years. For example, in 1989, we launched RTK NET, an online service providing public access to environmental data collected by EPA, which has given us both practical experience and policy experience with disseminating government information. Additionally, OMB Watch has been very engaged in agency regulatory processes, encouraging agency rules to be sensible and more responsive to public need. We believe a reexamination and evaluation of the policies that categorize and manage the agency’s information is completely sensible and even prudent in light of the increased threat of terrorism. It is evident that several other federal agencies are engaging in such an effort. However, such efforts should always be made with careful consideration and specific criteria. Information collected and disseminated by government agencies, such as FERC, provide enormous benefits to the public and should not be withdrawn lightly. Unfortunately, FERC gave the public no opportunity to comment before it withdrew tens of thousands of documents, and provided only limited explanation for this removal and almost no criteria for the selection of information removed. Furthermore, there has been almost no acknowledgement of the benefits of public access to government information. It is also important to note that while FERC is not the only agency to review the information it provides and its access policies, it is the only agency to attempt a formal rulemaking to alter public access. Given the difficult and weighty task FERC is attempting, as well as the binding and formal nature of rulemaking, FERC should engage in the most comprehensive and transparent process possible to clearly establish the justification for its actions. Pace of Activities In October 2001, very shortly after the September 11 attacks, FERC released an initial policy statement vaguely explaining that access to certain information would be restricted. Soon after, FERC, without first seeking public input, removed or restricted huge amounts of information, and according to the rulemaking proposal, this process “affected tens of thousands of documents.” On January 16, 2002, FERC announced a Notice of Inquiry (NOI) (published in the Federal Register on January 23, 2002) seeking public input on possible regulatory changes that would allow the agency to restrict unfettered general public access to what it termed Critical Energy Infrastructure Information (CEII). Among the questions FERC sought to resolve in the Notice of Inquiry were:

(1) Whether there are any statutory or regulatory impediments to FERC protecting CEII?

(2) How should CEII be defined?

So only after FERC began its action, removing tens of thousands of documents and sealing off critical information necessary to informed public participation, did FERC begin the debate over whether this was legally allowable and how to define CEII – which FERC must have defined internally in order to decide which documents to restrict. It appears that FERC either acted rashly prior to fully considering these issues, or engaged in the public comment process only as a formality after having already answered the major questions. Transparency and Participation Even with the Notice of Inquiry and Rulemaking Proposal published in the Federal Register and extended public comment periods, FERC’s process has had little actual transparency. The term “Critical Energy Infrastructure Information” is only vaguely defined as information deemed potentially useful to a person planning an attack on "production, generation, transportation, transmission or distribution of energy." This vague definition is all that most of the general public had to evaluate CEII because in a troubling "Catch-22" twist to the public comment process, FERC did not make the appendix, which lists the information being considered for this new restricted status, publicly available. In order to receive the appendix and be better informed as to this process, commenters were required to sign an agreement of non-disclosure. Additionally, any “public” comments that discussed the appendix or included references to it were to have been submitted as “confidential.” Since OMB Watch wants all of our comments to be public we elected not to review the appendix, even though it clearly contained important information for understanding the direction and scope of FERC's efforts. Those that declined viewing the appendix, including us, were at a significant disadvantage in fully crafting constructive comments on the notice. On the other hand, had we chosen to review the appendix, we would not have been allowed to openly discuss or challenge the process. The entire purpose of engaging in a formal notification and public comment period is to achieve a significant level of transparency and participation. This development undermines the credibility of the entire public input process in which FERC claims to be engaging. Criteria The specific criteria that FERC used to determine what information needed to be restricted for security concerns are not thoroughly discussed in either the Notice of Inquiry or the Proposed Rulemaking. In other words, what standards were used to evaluate and establish that documents or records were, or contained, “Critical Energy Infrastructure Information?” This assumes, of course, that FERC actually used defined measures and not simply subjective judgments in removing tens of thousands of government documents from the public domain. In the Proposed Rulemaking, FERC details some of the steps taken to implement the Policy Statement, including disabling the Records and Information Management System’s (RIMS) access to all “oversized documents.” Clearly file size was used as a criterion for removal of information. The explanation given was that these oversized documents “frequently contain detailed infrastructure information.” OMB Watch strongly disagrees with this blunt and clumsy approach. The use of such a simple and broad guideline would surely result in the removal of more information than necessary. It seems unlikely that a clearly deficient and overly strict principle such as file size could be applied “cautiously and methodically” as described in the Notice of Proposed Rulemaking. The Proposed Rulemaking further explains that FERC staff identified and disabled, or denied access to, other documents that they believed were likely to contain “critical energy infrastructure information.” However, nothing about the procedures or guidelines used to make these decisions was discussed by FERC in the Notice. Some criteria and guidelines must have been developed to allow staff to identify documents that might contain “critical energy infrastructure information.” It is unacceptable to restrict access to vast amounts of information and then refuse to openly discuss the types of information or the criteria used to evaluate the information. Under these circumstances, it becomes nearly impossible to provide explicit and constructive feedback. Failure to Recognize Public Benefit FERC’s restrictive approach to CEII does not consider balancing the security benefits of withholding this information against the loss to community health and safety efforts that use the information. Indeed, nowhere in the Notice of Inquiry or the Notice of Proposed Rulemaking does FERC clearly acknowledge the important public benefits of dissemination. The information that FERC collects -- and under this proposed rulemaking may be restricting -- is tremendously useful to those interested in protecting public health and safety, rooting out corporate malfeasance, and participating in long-term community planning. Indeed, many of the facilities reporting to FERC pose inherent risks to workers and nearby communities as a result of “typical” accidents that occur each year. The public can use FERC information to help protect against these risks, which it should be remembered, is a main reason the information was disseminated in the first place. Accordingly, in deciding whether to restrict information for security reasons, FERC should evaluate the information’s public usefulness. Once the importance and benefit of the information is better understood, FERC could more readily explore striking a balance between the two concerns—terrorist security and traditional public right-to-know. FOIA OMB Watch’s strongest objections center around FERC’s proposals for new interpretations of exemptions in the Freedom of Information Act (FOIA). Currently, the public has a very strong right-to-know established by Congress with the passage of, and various refinements to, FOIA. Under FOIA, federal agencies must turn over requested information unless it falls under one (or more) of nine exemptions. Besides halting active dissemination of CEII, FERC’s proposal would restrict all access through an entirely new process outside of FOIA. To justify this, however, FERC must explain why tens of thousands of documents that were previously available to the general public are no longer even requestable under the country’s most established information law. Since FERC does not possess the authority to simply create a new FOIA exemption for CEII, its explanation of why the information is suddenly exempt from FOIA request must be limited to the nine established exemptions. OMB Watch also asserts that FERC does not posses the legal authority to so radically reinterpret FOIA without a new mandate from Congress. This Notice of Proposed Rulemaking is attempting to establish a new category of information, CEII, and methods for handling requests for access to this information. The category is extremely large, covering tens of thousands of documents managed by FERC. Clearly for this large, new category of information to be exempt from FOIA, an entirely new FOIA exemption would be required, or at least a new provision within an established exemption. FERC does not have the authority to create such a new exemption in FOIA. Only Congress can alter or revise a law. Yet even after various public commenters advised FERC that it does not possess the legal authority to restrict information or alter the process of disseminating information in the manner that it proposed, FERC forged ahead with its Notice of Proposed Rulemaking. FERC does attempt to explain in the Notice of Proposed Rulemaking how it can proceed with restricting public access to CEII without violating FOIA. However, OMB Watch believes the explanation falls far short of providing sufficient justification for FERC’s proposed actions; FERC should instead forward this proposal on to Congress for consideration and debate. OMB Watch believes that FERC’s Notice of Proposed Rulemaking violates the separation of powers principle and as such is unconstitutional. An executive branch agency, such as FERC, cannot establish regulations that would essentially legislate changes to established laws. The creation of new exemption categories for FOIA should be left to Congress. OMB Watch continues to strongly urge FERC to not regulate in this area and instead await clarification from Congress on how to handle CEII. FERC claims it is not altering or ignoring its responsibilities under FOIA, citing its ability to make exemptions for competitive harm, program effectiveness and law enforcement activities. OMB Watch strongly objects to each of these new and radical interpretations of established exemptions. These explanations are at best legally questionable given recognized case law defining the boundaries of FOIA exemptions. But more than that, they strain the limits of common sense and good judgment. Competitive Harm FERC asserts that it is possible to exempt CEII under a competitive harm exemption. The commission asserts that financial harm is the foundational issue to the competitive harm clause, and since a terrorist attack on a facility would result in financial harm to that facility, any information that could be used by terrorists would be exempt from disclosure. There are numerous problems with this interpretation of the competitive harm exemption clause. First, reducing the competitive harm clause to financial harm experienced by the submitter oversimplifies the matter. Certainly financial harm is a component of the outcome that the competitive harm exemption is attempting to avoid, but not any and all possible financial harm. Would FERC withhold information that would result in a drop in a company’s stock prices? Certainly not, because it is not FERC’s role to prevent all financial harm under this clause. A key component of the exemption is that the information would be used by a competitor to unfairly affect the competition between the two parties. And while in principle one can state that terrorists are a “competing interest,” that is not the meaning under this clause. In this exemption, a competitor is a party focused on achieving similar goals such as providing a product or service to customers. Terrorists must be seen instead as a separate and contradictory interest with goals in utter opposition to those submitting information to FERC. Broadening this clause from narrowly covering companies’ direct competitors to covering any interests that might contend in any fashion with the interests of the submitting companies would be impractical and counter productive. What about customer rights groups that may use information to establish that price gouging or collusion occurred and demand financially harmful compensation? Is it FERC’s obligation to prevent this outcome? Of course not. This clause was not structured to handle every type of competing interest and should not be awkwardly forced to cover them now. Program Effectiveness In the Notice of Proposed Rulemaking, FERC states that CEII could have a mandatory exemption, as its disclosure would undermine FERC's program effectiveness. FERC explained that while companies are legally required to cooperate with and submit information to FERC, it fears that companies would not be as trusting of the Commission if CEII were disclosed by the Commission, and therefore would be less forthcoming in the more subjective portions of their submissions. According to FERC, this would impair its ability to function effectively, specifically its ability to gather reliable quality information from the more subjective filing requirements. OMB Watch rejects this explanation as little more than a fabrication with faulty reasoning. OMB Watch’s first major objection to this argument is that FERC cannot possibly claim that disclosure of the immense amounts of information that it is proposing to restrict, which has been publicly disseminated for years, inherently undermines its effectiveness as a regulatory agency. If that were the case, then for years FERC would have been a crippled agency with its effectiveness severely compromised by this information not only being available upon request under FOIA but also accessible to the general public without a request on its website and in its reading rooms. The second fault in FERC’s reinterpretation of the program-effectiveness exemption is that it implies that the agency’s effectiveness is based upon trust from companies over which FERC has authority. Is FERC claiming that companies’ motivation for submitting information is one of trust? FERC’s relationship to the companies that submit information is a legally bound, regulatory one. The companies are not “cooperating” in FERC’s efforts to be effective; they are “complying” with the laws and regulations that govern them. While it certainly can be proposed that trust is helpful in a regulatory process, it would not be reasonable to state that it is required. The program effectiveness clause within FOIA was not meant to be a catch-all exemption that allows an agency to withhold any information it pleases based upon trumped up, vague reasoning. The clause allows an agency to preserve its ability to operate by granting it the ability to withhold information that clearly and directly impedes the successful completion of specific functions. For instance, under this clause an agency would not fulfill a FOIA request for a schedule of upcoming surprise inspections. FERC should not attempt to twist this program-effectiveness clause to cover the indirect impact that complying with FOIA requests may have upon the trust of its submitters. Law Enforcement FERC also re-interprets a FOIA exemption for law enforcement activities, which has typically been used to protect information about ongoing criminal investigations or procedures being conducted by the FBI, CIA or police. In its rulemaking proposal, FERC indicates that since it is a regulatory agency required to implement federal laws such as the Federal Power Act and Natural Gas Act, it may utilize this FOIA exemption. OMB Watch questions the validity of FERC’s use of this exemption under FOIA. This exemption is predominately intended for, and has almost exclusively been used by, agencies that conduct criminal investigations such as the police, FBI, and the Drug Enforcement Agency. It also covers investigations and information collected for civil enforcement and proceedings. While FERC does implement laws by promulgating and applying regulations, it does not typically engage in the enforcement investigations and cases that this FOIA exemption is intended to protect. Has FERC ever claimed a law enforcement exemption to a FIOA request prior to the attacks of September 11, 2001? The exact FOIA language of this exemption indicates that it only covers “records or information compiled for law enforcement purposes.” Is it FERC’s claim that these tens of thousands of documents were compiled for the enforcement of energy laws within FERC’s authority? That they all relate to cases or actions that the agency is planning to bring, and the release of the information would either taint fair proceedings or weaken FERC’s ability to prevail? This seems an unlikely explanation. Perhaps FERC is attempting to broaden the exemption to include all information collected by the agency during its efforts to enforce the power and energy laws mandated by Congress. However, such an approach would eliminate most of the information that FERC collects, information that provides important details and facts to the public and interested parties, information specifically collected to provide sufficient notification to the public on energy activities. For instance, FERC would have to stop publicly reporting information collected from its Form 1 - Electric Utility Annual Report that provides a comprehensive picture of electric rate regulation and financial audits. Given the recent Enron scandal and accusations of collusion and price setting, the public benefit of this information is uncontestable. Clearly this law enforcement exemption was not intended to be applied this broadly. OMB Watch strongly objects to FERC's attempts to use the law enforcement exemption as an excuse to restrict selected information it has gathered while enforcing its regulations and laws. That is what the Notice of Proposed Rulemaking implies since it is neither limiting the exemption to information related to enforcement proceedings nor broadening it to cover all of the information collected. It is a selection process that FERC has no authority to perform and it should not be proposed or implied as it is in this reinterpretation of the law enforcement exemption. FERC’s New Management System for CEII In FERC’s rulemaking proposal, the agency states that all CEII would be exempt from FOIA’s mandatory disclosure requirement and instead a “critical energy infrastructure coordinator” would process non-FOIA requests. FERC does not describe what process it will use to select and confirm a “critical energy infrastructure coordinator.” What qualifications will be required of an individual holding this position? What oversight will be conducted to assure the public that misuse, abuse or incompetence does not affect access to needed information? Will there be reporting requirements? Since none of these questions are addressed in FERC’s Notice of Proposed Rulemaking, OMB Watch believes it is irresponsible and premature to replace the effective and well functioning FOIA system with an inadequately described process that has little to no oversight. Conclusion OMB Watch understands that federal agencies face difficult questions and challenges in light of last year’s terrorist attacks, including whether to restrict public access to certain information to better protect the country. While FERC is concerned about what it terms “critical energy infrastructure information” (CEII), the course of action that FERC’s Notice of Rulemaking proposes, and which the agency is indeed already implementing, is inappropriate and extremely troubling. FERC, without proper authority and insufficient justification, is proposing to curtail the legally specified rights of U.S. citizens to all non-restricted information. FERC is hurriedly sacrificing citizen’s rights without a clear understanding of whether its actions are necessary or will result in a safer country. It is clear that if FERC continues with its proposed changes that citizens and state regulators will not be able to obtain information that they routinely require or use the information in public proceedings. OMB Watch cautions FERC that if it proceeds with this rulemaking process as proposed, it will almost certainly face lawsuits and legal challenges. OMB Watch has tried to roughly outline several grounds upon which an interested party could challenge FERC’s rulemaking. OMB Watch urges FERC to cease its efforts to alter its regulations to restrict access to critical energy infrastructure information. While the concerns and questions FERC raises may be valid, they would be more appropriately handled by Congress, than by a murky regulatory process that restricts public information prior to full public involvement. Thank you for consideration of our views. Sincerely, Sean Moulton Senior Policy Analyst