I am slowly making my way through the Federal Aviation Administration’s notice of proposed rulemaking for the streamlining of its launch and reentry regulations for the launch of launch vehicles and the reentry of reentry vehicles by U.S. operators anywhere on Earth (not off), and to or from the United States by an operator of any nationality. Just because an agency says it is streamlining its requirements doesn’t mean that everything it proposes constitutes a reduction in the regulatory burden. For example, the FAA proposes to require information regarding encryption for satellites on orbit, and satellites on orbit are neither launch nor reentry.
Encryption information proposal. We know Congress did not give the FAA the authority to require satellite encryption. So what will it do with the information?
The FAA is walking a very fine line with its proposed request. It wouldn’t technically require a satellite operator to employ encryption. It would merely inquire whether it does. The FAA proposes that a payload operator describe:
any encryption associated with data storage on the payload and transmissions to or from the payload. Encryption helps ensure against cyber intrusion, loss of spacecraft control, and potential debris-causing events. The FAA is proposing these additions to the information requirements for launches to assist other federal agencies because NASA and the Department of Defense frequently have requested this information in response to the FAA’s interagency review in order to determine whether the proposed payload would jeopardize the safety of government property in outer space, or U.S. national security.
The FAA’s authority to stop a launch. In the United States, the Constitution gives Congress, not the Executive Branch, the power to legislate, that is, the power to write laws. Congress may delegate that power (and has done so many times) to the Executive Branch, including to the FAA. Congress has given the FAA some authority over payloads. It’s not much, but it’s some. Under 51 USC 50904(c), Congress said that the FAA:
shall establish whether all required licenses, authorizations, and permits required for a payload have been obtained. If no license, authorization, or permit is required, the Secretary may prevent the launch or reentry if the Secretary decides the launch or reentry would jeopardize the public health and safety, safety of property, or national security or foreign policy interest of the United States.
Congress delegated that authority to stop a launch on the basis of a payload not otherwise licensed in 1984. Since then, however, Congress has been quite clear that it has not provided the FAA the authority to regulate payloads. When Congress granted the FAA the authority to regulate the reentry of reentry vehicles in 1997, the House Committee Report reminded the FAA that the agency did not get to regulate activities on orbit:
The original Act intended that a launch ends, as far as the launch vehicle’s payload is concerned, once the launch vehicle places the payload in Earth orbit or in the planned trajectory in outer space. The Committee wishes to make clear that the Secretary [of Transportation and by delegations the FAA] has no authority to license or regulate activities that take place between the end of the launch phase and the beginning of the reentry phase, such as maneuvers between two Earth orbits or other non-reentry operations in Earth orbit; or after the end of a launch phase in the case of missions where the payload is not a re-entry vehicle.
This seems clear. Mostly, the Committee was intent on making sure that the FAA did not regulate reentry vehicle activities on orbit. It made sure, however, to clarify that payloads that aren’t reentry vehicles also fall outside the FAA’s authority to license or regulate. Thus, the FAA’s authority over a payload should be limited to its ability to stop it from being launched.
Implications of an “information” requirement. If the FAA may not regulate payload operations or other operations on orbit, what does it plan to do with the encryption information it wants to request? Does it plan to assess the adequacy of a payload operator’s encryption? Would it stop a launch if a payload operator did not have encryption? What if another agency was concerned? The FAA cites rational policy reasons for wanting the information, but it must first have the authority to implement them. Just as the FAA may not decide to regulate the meat-packing industry because of rational, sound (but hypothetical) concerns over trichinosis that it fears the Department of Agriculture has failed to adequately address, so should the FAA not start down the road to subtly but effectively imposing requirements on payload operators over whom it does not have authority. Although couched as an information requirement, it the FAA uses a payload operator’s lack of encryption to stop a launch, the FAA is effectively requiring the operator to employ encryption on orbit.
The genuine and sincere interest of these other agencies in the encryption information is not a grant of Congressional authority. Legislative authority does not come from NASA or the Department of Defense, but from Congress. If the FAA does not expect to do anything about the encryption information, then the proposed new burden appears to have no point. If the FAA would do something about it, the FAA would appear to be attempting to regulate on orbit.
The right way to do it. There is a more appropriate avenue for the other agencies to obtain this information. They could seek authority from Congress and have an open conversation about their needs with the Constitutionally designated lawmakers. They could ask Congress to amend the FAA’s statute so that the FAA could ask for this information, and, perhaps, even do something about it. But that has not yet happened.