Canada Gazette

Her Excellency the Governor General in Council, on the recommendation of the Minister of Transport, Infrastructure and Communities, pursuant to sections 4.71 (see footnote a) and 4.9 (see footnote b) of the Aeronautics Act, hereby makes the annexed Regulations Amending the Canadian Aviation Security Regulations.

1. (1) The definitions "Airport Restricted Area Access Clearance Security Measures" and "restricted area pass" in section 1 of the Canadian Aviation Security Regulations (see footnote 1) are repealed.

(2) The definitions "crew member" and "key" in section 1 of the Regulations are replaced by the following:

"crew member" means a person assigned to duty on an aircraft during flight time by the operator of the aircraft. (membre d'équipage)

"key" means a key, card or other device, including a functionality that can be added to a restricted area identity card, that is designed to allow for entry into a restricted area and is issued to an individual by, or under the authority of, an aerodrome operator. (clé)

(3) Paragraphs (b) and (c) of the definition "peace officer" in section 1 of the Regulations are replaced by the following:

(b) a member of the Royal Canadian Mounted Police, a police officer or a police constable;

(c) any person who is designated by the Minister of Public Safety and Emergency Preparedness, the Commissioner of the Royal Canadian Mounted Police or a provincial minister as a peace officer for the purpose of the preservation and maintenance of the public peace at an aerodrome;

(d) an officer who is enforcing any provision of the Immigration and Refugee Protection Act, or of any regulations, warrant, order or direction made under that Act, respecting the arrest, detention or removal from Canada of any person; and

(e) an officer or non-commissioned member of the Canadian Forces who is appointed as a member of the military police under regulations for the purposes of section 156 of the National Defence Act. (agent de la paix)

(4) Section 1 of the Regulations is amended by adding the following in alphabetical order:

"biometric template" means a template that is generated by algorithms that encode an identifiable physiological or behavioural characteristic of a person. (modèle biométrique)

"CATSA" means the Canadian Air Transport Security Authority established under subsection 5(1) of the Canadian Air Transport Security Authority Act. (ACSTA)

"sterile area" means a restricted area, including any passenger loading bridges attached to it, that is used to segregate the following persons from other persons at the aerodrome:

(b) passengers who are exempted from screening in accordance with an aviation security regulation, a security measure, an emergency direction or an interim order; and

3. The portion of section 9 of the Regulations before paragraph (a) is replaced by the following:

9. At the airports that are listed in Schedule 1 and at all other aerodromes where there is a significant demand from at least 5 per cent of the travelling public for services in either official language within the meaning of the Official Languages (Communications with and Services to the Public) Regulations, a screening authority must

35. Nothing in this Part requires a person who is authorized by the Minister to carry out an inspection under subsection 8.7(1) of the Act to be in possession of a restricted area identity card or other document issued or approved by an aerodrome operator as authorization for the person to enter or remain in a restricted area in order to carry out an inspection.

35.1 Credentials issued by the Minister to a person who is authorized by the Minister to carry out an inspection under subsection 8.7(1) of the Act are not a restricted area identity card even if they are compatible with the identity verification system or an aerodrome operator's access control system.

37. (1) CATSA must implement and maintain an identity verification system that is able to automatically verify

(a) that a person in possession of a restricted area identity card is the person to whom the card has been issued; and

(2) The verification referred to in paragraph (1)(a) must be carried out by an on-site matching of biometric data provided by the person and a biometric template stored on the restricted area identity card.

37.1 (1) The Minister, an aerodrome operator and CATSA may disclose to each other any information that is necessary for the proper operation of the identity verification system.

(2) Despite subsection (1), an aerodrome operator must not disclose to CATSA the identity of an applicant for a restricted area identity card or the identity of a person to whom a restricted area identity card has been issued except if the aerodrome operator grants CATSA access to its databases in order to maintain or repair the identity verification system and CATSA's access to the person's identity is incidental to the maintenance or repairs.

(3) CATSA must not collect, use, disclose or retain the identity of an applicant for a restricted area identity card or the identity of a person to whom a restricted area identity card has been issued.

38. (1) An aerodrome operator must ensure that the following information is displayed on each restricted area identity card that it issues:

(f) the name of the employer of the person to whom the card is issued if that person has a single employer;

(g) the terms "multi-employer" and "employeur multiple" if the person to whom the card is issued has more than one employer;

(h) the occupation of the person to whom the card is issued if that person has a single occupation; and

(i) the terms "multi-occupation" and "emplois multiples" if the person to whom the card is issued has more than one occupation.

(2) A restricted area identity card expires no later than five years after the day on which it is issued or on the day on which the security clearance of the person to whom the card is issued expires, whichever is earlier.

(3) Despite subsection (2), a restricted area identity card that is issued to a person who requires access to restricted areas at more than one aerodrome but who is not a crew member or a person authorized by the Minister to carry out an inspection under subsection 8.7(1) of the Act expires no later than one year after the day on which it is issued or on the day on which the person's security clearance expires, whichever is earlier.

(4) All information that is displayed on a restricted area identity card must be in both official languages.

39. (1) An aerodrome operator must not issue a restricted area identity card to a person unless the person

(d) consents in writing to the collection, use, retention, disclosure and destruction of information for the purposes of this Part; and

(2) An aerodrome operator must not issue a restricted area identity card to a person unless the card has been activated.

39.1 A person must not provide false information for the purpose of obtaining a restricted area identity card.

(a) sponsor an employee who does not require ongoing access to restricted areas in the course of their employment; or

(b) knowingly sponsor an employee for more than one restricted area identity card at a time.

39.3 An aerodrome operator must not issue more than one restricted area identity card at a time to a person.

39.4 Before replacing a lost, stolen or non-functional restricted area identity card, an aerodrome operator must ensure that

(a) the person applying for the replacement card is the person to whom the lost, stolen or non-functional card has been issued; and

40. Before collecting information from an applicant under this Part, an aerodrome operator must bring the purposes for which the information is collected to the applicant's attention as well as how the information will be used, retained, disclosed and destroyed.

40.1 (1) In order to create a restricted area identity card for an applicant, an aerodrome operator must collect the following information from the applicant:

(2) The aerodrome operator must, immediately after issuing the restricted area identity card, destroy all fingerprint images and iris images that the operator collected from the applicant and any biometric template created from those images that is not stored on the card.

40.2 (1) In order to allow CATSA to monitor the quality of biometric templates and in order to determine if a restricted area identity card is already active in respect of an applicant, an aerodrome operator must, before issuing the card, disclose to CATSA any biometric templates created from fingerprint images and iris images collected from the applicant. CATSA must not use the biometric templates for any other purposes.

(2) CATSA must notify the Minister if it determines that there is a restricted area identity card that is already active in respect of an applicant.

(3) CATSA must destroy any biometric templates that are disclosed to it in connection with an application for a restricted area identity card as soon as possible in accordance with the Access to Information Act, the Library and Archives of Canada Act, the Privacy Act and any regulations made under those acts.

40.3 CATSA and aerodrome operators must take appropriate measures to protect information that is collected, used, retained or disclosed in accordance with this Part from loss or theft and from unauthorized access, use, disclosure, duplication or alteration.

41. CATSA must activate a restricted area identity card if the Minister informs CATSA that the applicant for the card has a security clearance and CATSA determines that there is no restricted area identity card already active in respect of the applicant.

41.1 CATSA must immediately deactivate a restricted area identity card if the Minister or an aerodrome operator asks CATSA to deactivate the card.

41.2 The Minister may ask CATSA to deactivate a restricted area identity card if

(b) the security clearance of the person to whom the card has been issued is suspended or cancelled.

41.3 (1) An aerodrome operator that has issued a restricted area identity card must immediately ask CATSA to deactivate the card if

(b) the person to whom the card has been issued or their employer informs the aerodrome operator that the card is lost, stolen or no longer functional; or

(c) the person to whom the card has been issued fails, on demand, to present or surrender the card to a screening officer.

(2) An aerodrome operator must not ask CATSA to deactivate a restricted area identity card for a reason other than a reason set out in subsection (1).

(3) An aerodrome operator that asks CATSA to deactivate a restricted area identity card must so notify the Minister.

41.4 An aerodrome operator that has issued a restricted area identity card must notify the Minister immediately if

(a) in the case of a person who has a single employer, the person to whom the card has been issued ceases to be employed or no longer requires ongoing access to restricted areas in the course of his or her employment; and

(b) in the case of a person who has more than one employer, the person to whom the card has been issued ceases to be employed by all of his or her employers or no longer requires ongoing access to restricted areas in the course of his or her employment.

41.5 The employer of a person to whom a restricted area identity card has been issued must immediately notify the aerodrome operator that issued the card if the person ceases to be an employee or no longer requires ongoing access to restricted areas in the course of his or her employment.

41.6 (1) An aerodrome operator that has issued a restricted area identity card must take reasonable steps to retrieve the card if it has been deactivated and must notify CATSA if the card is not retrieved.

(2) If a restricted area identity card has been deactivated, the person to whom the card has been issued must immediately return it to the aerodrome operator that issued it unless the card was surrendered in accordance with this Part or was lost or stolen.

42. An aerodrome operator must not issue a key or assign a combination code or personal identification code to a person for a restricted area unless

(a) the person is a person to whom a restricted area identity card has been issued and the card is active; or

(b) the person is in possession of a document that is issued or approved by the aerodrome operator in accordance with a security measure as authorization for the person to enter or remain in the restricted area.

42.1 An aerodrome operator may add a key functionality to a restricted area identity card only if it is possible to cancel or remove the functionality without damaging or altering any other elements of the card.

42.2 An aerodrome operator must not add to or modify a restricted area identity card in any way that might allow the disclosure to CATSA of information about the person to whom the card has been issued.

42.3 An aerodrome operator must cancel, remove or take back a key, combination code or personal identification code for a restricted area that has been issued or assigned to a person who has been issued a restricted area identity card if

(b) the person no longer requires ongoing access to the restricted area in the course of his or her employment.

(e) blank restricted area identity cards distributed to aerodrome operators; and

(f) restricted area identity cards that have been destroyed by an aerodrome operator.

(2) CATSA must provide the records to the Minister on reasonable notice given by the Minister.

43.1 (1) An aerodrome operator and any person designated by the aerodrome operator to issue restricted area identity cards or keys or to administer combination codes or personal identification codes must keep updated records at the aerodrome respecting

(b) the names of the persons to whom restricted area identity cards or keys have been issued;

(d) blank restricted area identity cards in the aerodrome operator's possession;

(f) keys, combination codes or personal identification codes that have been cancelled, removed or taken back;

(g) deactivated restricted area identity cards that have not been retrieved by the aerodrome operator;

(2) Subject to subsection (3), a record respecting a restricted area identity card that has been deactivated must be retained for a period of at least one year from the day on which the card was deactivated.

(3) A record respecting a restricted area identity card that has been reported as lost or stolen must be retained for a period of at least one year from the card's expiry date.

(4) The aerodrome operator must provide the records to the Minister on reasonable notice given by the Minister.

44. (1) An aerodrome operator must post signs on each restricted area access point and each security barrier, in at least both official languages, that identify each restricted area and state that entry is restricted to authorized persons.

45. An aerodrome operator must implement and maintain a restricted area access control process that uses the identity verification system.

46. A person must not enter a restricted area except through a restricted area access point.

46.1 A person must not enter or remain in a restricted area unless the person is

(b) in possession of a document that is issued or approved by the aerodrome operator in accordance with a security measure as authorization for the person to enter or remain in the restricted area.

46.2 (1) A person to whom a restricted area identity card has been issued must not enter or remain in a restricted area unless

(d) they are in possession of a key that, if applicable, has been issued to them for the restricted area or a combination code or personal identification code that has been assigned to them for the restricted area.

46.3 A person to whom a restricted area identity card has been issued must not enter or remain in a restricted area unless they visibly display the card on their outer clothing at all times.

46.4 An aerodrome operator must ensure that a person is not allowed to enter or remain in a restricted area unless the person is in possession of

(a) an active restricted area identity card that has been issued to him or her; or

(b) a document that is issued or approved by the aerodrome operator in accordance with a security measure as authorization for the person to enter or remain in the restricted area.

47. (1) CATSA must develop and maintain a business continuity plan that, at a minimum, sets out how CATSA will meet the following objectives in the event that it is unable to use the identity verification system to meet the objectives set out in paragraphs (a) to (c):

(c) to allow aerodrome operators to verify whether a restricted area identity card is active or has been deactivated; and

(2) CATSA must immediately implement its plan and notify the Minister and any affected aerodrome operator if CATSA discovers that it is unable to use the identity verification system to meet the objectives set out in paragraphs (1)(a) to (c).

(3) CATSA must immediately notify the Minister and any affected aerodrome operator if it discovers that it will be unable to use the identity verification system to meet the objectives set out in paragraphs (1)(a) to (c) for more than 24 hours.

47.1 (1) An aerodrome operator must develop and maintain a business continuity plan that, at a minimum, sets out how the aerodrome operator will meet the following objectives in the event that it is unable to use its restricted area access control process to meet the objective set out in paragraph (a):

(2) The aerodrome operator must immediately implement its plan and notify the Minister and CATSA if the aerodrome operator discovers that it is unable to use its restricted area access control process to meet the objective set out in paragraph (1)(a).

(3) The aerodrome operator must immediately notify the Minister if it discovers that it will be unable to use its restricted area access control process to meet the objective set out in paragraph (1)(a) for more than 24 hours.

(4) The aerodrome operator must make its plan available to the Minister on reasonable notice.

47.2 (1) CATSA must regularly back up any database that it uses as part of the identity verification system.

(2) An aerodrome operator must regularly back up any database that it uses as part of its restricted area access control process.

USE OF RESTRICTED AREA IDENTITY CARDS, KEYS, COMBINATION CODES AND PERSONAL IDENTIFICATION CODES

(a) may lend or give a restricted area identity card or a key that has been issued to them to another person;

(b) may use a restricted area identity card or a key that has been issued to them to provide access to a restricted area to another person without authorization from the aerodrome operator;

(c) other than an aerodrome operator or a person designated by the aerodrome operator, may intentionally alter or otherwise modify a restricted area identity card or a key;

(d) may use a restricted area identity card or a key that has been issued to another person;

(e) may have in their possession, without reasonable excuse, a restricted area identity card or a key that has been issued to another person;

(f) may use a counterfeit restricted area identity card or a counterfeit key; or

(a) other than an aerodrome operator or a person designated by the aerodrome operator, may

48.1 (1) A person to whom a restricted area identity card or a key has been issued must immediately report its loss or theft to their employer or to the aerodrome operator that issued the card or key.

(2) An employer who is informed by an employee of the loss or theft of a restricted area identity card or a key must immediately report the loss or theft to the aerodrome operator that issued the card or key.

48.2 An employer who is informed by an employee that a restricted area identity card is not functioning must immediately so notify the aerodrome operator that issued the card.

48.3 An aerodrome operator that has issued a restricted area identity card must notify CATSA if the card is reported as lost or stolen.

49. (1) A person in possession of a restricted area identity card who is in a restricted area must, on demand, present the card to the Minister, the aerodrome operator, the person's employer or a peace officer.

(2) A person in possession of a restricted area identity card who is being screened by a screening officer at a restricted area access point or at a location in a restricted area must, on demand, present the card to the screening officer.

50. (1) A person in possession of a restricted area identity card must, on demand, surrender it to the Minister, an aerodrome operator, a screening officer or a peace officer.

(2) The Minister or an aerodrome operator may demand the surrender of a restricted area identity card if

(3) A screening officer may demand the surrender of a restricted area identity card if

(c) the screening officer is conducting screening at a restricted area access point or at a location in a restricted area and the person who is in possession of the card refuses to submit to a screening or to the screening of goods in his or her possession.

(4) A peace officer may demand the surrender of a restricted area identity card if

(b) there is an immediate threat to aviation security, the security of any aircraft or aerodrome or other aviation facility or the security of the public, passengers or crew members and the surrender of the card is required in order to respond to the threat.

50.1 A screening officer or a peace officer to whom a person surrenders a restricted area identity card must return the card to the aerodrome operator of the aerodrome at which the card is surrendered or the aerodrome operator that issued the card.

50.2 An aerodrome operator to which a person surrenders a restricted area identity card must notify the Minister if the aerodrome operator demanded the surrender in accordance with paragraph 50(2)(c).

51. (1) A lessee at an aerodrome must close and lock any door, gate or other device other than an emergency exit if

(a) the lessee has control of and responsibility for the door, gate or other device; and

(b) the door, gate or other device allows access between a restricted area and a non-restricted area.

(2) A lessee at an aerodrome must institute a system, on or near an emergency exit, that prevents access by unauthorized persons to a restricted area if

(b) the emergency exit allows access between a restricted area and a non-restricted area.

51.1 (1) An aerodrome operator must close and lock any door, gate or device other than an emergency exit if

(a) the aerodrome operator has control of and responsibility for the door, gate or other device; and

(b) the door, gate or other device allows access between a restricted area and a non-restricted area.

(2) An aerodrome operator must institute a system, on or near an emergency exit, that prevents access by unauthorized persons to a restricted area if

(a) the aerodrome operator has control of and responsibility for the emergency exit; and

(b) the emergency exit allows access between a restricted area and a non-restricted area.

51.2 Any person who has temporary use or control of a door, gate or other device that allows access between a restricted area and a non-restricted area must prevent access to or from the restricted area by unauthorized persons.

51.3 Unless an authorized person is controlling access between a restricted area and a non-restricted area, a person who enters or leaves the restricted area must

(a) lock the door, gate or other device that allows access to or from the restricted area; and

(b) prevent access to or from the restricted area by unauthorized persons while the door, gate or other device is open or unlocked.

51.4 A person must not prevent a door, gate or other device other than an emergency exit that allows access between a restricted area and a non-restricted area from being locked.

51.5 A person must not open any door that is designated as an emergency exit and allows access to a restricted area unless

52. Except in the case of a passenger who has been screened or a person authorized by the Minister to carry out an inspection under subsection 8.7(1) of the Act, an aerodrome operator must ensure that any person who is in a restricted area and is not in possession of a restricted area identity card is

(a) escorted by a person in possession of an active restricted area identity card that has been issued to them; or

(b) in the case of a confined area, kept under surveillance by a person in possession of an active restricted area identity card that has been issued to them.

52.1 (1) An aerodrome operator must ensure that at least one escort is provided for every 10 persons who require escort.

(2) An aerodrome operator must ensure that no more than 20 per-sons are kept under surveillance by one person at a time.

52.2 (1) A person under escort must remain with the escort while they are in a restricted area.

(2) An escort must remain with the person under escort while they are in a restricted area.

(a) inform the escort of the requirement to remain with the person under escort while they are in a restricted area; and

(b) ensure that the escort remains with the person under escort while they are in a restricted area.

52.3 An aerodrome operator must ensure that a person under escort or surveillance and any goods in their possession are screened at a screening checkpoint before the person enters a sterile area.

52.4 (1) An aerodrome operator is not required to place escorts or surveillance personnel in a vehicle that is in a restricted area and is carrying persons who require escort or surveillance if the vehicle travels in a convoy with an escort vehicle that contains at least one person in possession of an active restricted area identity card that has been issued to them.

(2) The aerodrome operator must ensure that, if they disembark from the vehicle in a restricted area, the persons who require escort or surveillance are escorted or kept under surveillance in accordance with section 52.1.

52.5 An aerodrome operator must ensure that at least one escort vehicle is provided for

(a) every three vehicles requiring escort to or from an air terminal building apron area for a purpose other than snow removal operations;

(b) every six vehicles requiring escort to or from an air terminal building apron area for snow removal operations; and

53. (1) Subject to subsection (2), a person must not enter or remain in any part of an aerodrome that is not a public area if the person has been given notice orally, in writing or by a sign that trespassing is prohibited or that entry is limited to authorized persons.

(2) An aerodrome operator or a lessee at an aerodrome who has the use of, or is responsible for, a part of the aerodrome that is not a public area may allow a person to enter or remain in that part of the aerodrome if

(b) the safety of the aerodrome, persons at the aerodrome and aircraft is not jeopardized.

5. The schedule to the Regulations is replaced by the Schedules 1 and 2 set out in the schedule to these Regulations.

Calgary International Airport
Edmonton International Airport
Halifax International Airport
Montréal/Pierre Elliott Trudeau International Airport
Montréal International (Mirabel) Airport
Ottawa/Macdonald-Cartier International Airport
Toronto/Lester B. Pearson International Airport
Vancouver International Airport
Winnipeg International Airport

Calgary International Airport
Charlottetown Airport
Edmonton International Airport
Fredericton Airport
Gander International Airport
Greater Moncton International Airport
Halifax International Airport
Iqaluit Airport
Kelowna Airport
London Airport
Montréal/Pierre Elliott Trudeau International Airport
Montréal International (Mirabel) Airport
Ottawa/Macdonald-Cartier International Airport
Prince George Airport
Québec/Jean Lesage International Airport
Regina Airport
Saint John Airport
St. John's International Airport
Saskatoon/John G. Diefenbaker International Airport
Sudbury Airport
Thunder Bay Airport
Toronto City Centre Airport
Toronto/Lester B. Pearson International Airport
Vancouver International Airport
Victoria International Airport
Whitehorse International Airport
Windsor Airport
Winnipeg International Airport
Yellowknife Airport

Amendments to the Canadian Aviation Security Regulations to Implement the Restricted Area Identity Card Program

Although Canada has one of the safest and most secure air transportation systems in the world, aviation security remains a primary concern for the Government of Canada and is one of the major priorities identified in Canada's National Security Policy. The Restricted Area Identity Card (RAIC) Program was announced on November 5, 2002, by the Minister of Transport, and is intended to replace and improve upon the existing restricted area pass (RAP) by adding a biometric component to the card. The existing RAP is used to control access to the restricted areas of Canada's major airports. Biometrics authenticate a person's identity by measuring a physical characteristic, such as a fingerprint or an iris pattern, and then comparing that measurement against a template created from the same characteristic. The Minister assigned the Canadian Air Transport Security Authority (CATSA) the responsibility for implementing the Program. Transport Canada and CATSA worked with airport authorities to develop the Program. The RAIC will be a secure identity card for personnel, including flight crews, refuelers, caterers and other personnel who have a defined need to access restricted areas at Canada's major airports.

Biometrics technology is used around the world by various organizations to authenticate identity and will play an important role in helping to keep Canada's airports and skies secure. The December 2001 Federal Budget allocated funds for analysis of advanced security practices and technologies for airports, including biometrics. Airport trials were conducted by Transport Canada and an analysis, which studied practices in other countries, security environments, and various technologies and systems, was performed to determine the options available to apply these elements to Canada's aviation security system. A decision was made by both CATSA and Transport Canada to utilize fingerprint and iris technology. According to the information collected by CATSA, there are no perceived health and safety risks with the use of iris and fingerprint technology for the purpose of RAIC.

The RAIC Program will be implemented by amendments to the Canadian Aviation Security Regulations (the Regulations).

The Regulations contain requirements for air carriers, airport operators, CATSA and persons to prevent acts of unlawful interference with civil aviation. The Minister of Transport, Infrastructure and Communities has the responsibility to develop the regulations respecting aeronautics under section 4.2 of the Aeronautics Act, R.S., c. A-2, as amended (the Act). The Governor in Council, on the recommendation of the Minister of Transport, Infrastructure and Communities, has the authority to make the Regulations under sections 4.71 and 4.9 of the Act.

The RAIC uses biometric technology as the basis of a secure credential card for personnel who have a defined need to access restricted areas of Canada's major airports. It uses smart card technology, which integrates a small computer chip, including a microprocessor and memory to store two kinds of biometric data: fingerprint and iris templates. These templates are generated by algorithms that encode distinctive features from an individual's iris and fingerprint images. The templates cannot be used to recreate images of the iris or fingerprints. Approximately 120,000 aviation workers will hold a RAIC when enrolment is completed.

At doors giving primary access to the restricted areas of major Canadian airports, cardholders will have either their fingerprint or iris scanned by a biometric reader. The RAIC can also be integrated with existing airport access control systems to give airports the choice of adding access control functions to the card's core function of identity verification and to act as a document of entitlement to enter restricted areas through existing access points.

The RAIC reader performs three tasks. First, it compares the biometric template stored on the card with a live sample presented by the cardholder to ensure that the person presenting the card is the person to whom the card has been issued. Second, it confirms that a security clearance has been issued by Transport Canada and is valid for the holder of the card. Third, it determines if the airport authority has granted access to the holder of the card at a particular restricted area access point. Airport access control remains an airport operator responsibility.

Existing legal instruments allow for the reasonable accommodation of those with physical disabilities.

A RAIC will be deactivated if it is reported as lost, destroyed or stolen or if the holder's transportation security clearance has been suspended or cancelled. Once the original RAIC has been deactivated, the applicant will have to follow the enrolment process to obtain a new RAIC. The cards may be confiscated if they have been deactivated or if the confiscation is required for an aviation security reason.

The amendments will replace Part 3 of the Regulations, including sections of the Regulations referring to the RAP, with a new Part 3 pertaining to the RAIC and airport security generally. Key aspects of the amendments to the Regulations include requirements regarding

• information to be displayed on the RAIC;

• the issue of the RAIC;

• the protection, handling and destruction of personal information;

• the activation and deactivation of the RAIC;

• the integration of access control features into the RAIC;

• record keeping;

• restricted area identification and access control;

• business continuity plans;

• the use of the RAIC and any access control features integrated into the RAIC;

• the presentation and surrender of the RAIC;

• doors, gates, emergency exits and other devices;

• escort and surveillance; and

• unauthorized access to the restricted area.

In addition, the amendments will add Military Police into the definition of "peace officer" and require that the cards display all information printed on them in both of Canada's official languages.

Other requirements necessary to implement the RAIC Program and restricted area access that are of a security-sensitive nature will not appear in the Regulations. These additional requirements will be contained in aviation security measures made under the Act and will only be available to persons with a need and right to the information in accordance with the Act.

The amendments to the Regulations will also move the provisions of the Airport Restricted Area Access Clearance Security Measures directly into the Regulations. The Airport Restricted Area Access Clearance Security Measures, which are currently incorporated by reference in the Regulations, will be repealed.

The amendments to the Regulations will introduce a new definition of "sterile area" that will support the interpretation and clarification of current regulatory instruments as well as future aviation security regulatory requirements.

The amendments to the Regulations are scheduled to come into force on December 31, 2006. It should be noted that several airports have already commenced the Program on a voluntary basis.

Maintaining the status quo would leave in place a potential security vulnerability, which could be eliminated by using the automated verification processes of the RAIC Program. It would also represent a failure to meet the commitment made by the Government of Canada in 2002 to improve on the existing RAP. A failure to do so could negatively impact public confidence in the security of aviation transportation, as well as that of international partners. Finally, as most of the funding for this program has already been committed, there would be little financial benefit to the status quo. Therefore, this option is not recommended.

A voluntary program was determined to be unfeasible. A Canada-wide identity verification system was desired, which would not be possible if the RAIC was deployed inconsistently throughout Canada. Regulations were thus deemed necessary to ensure a secure and workable program.

Implementation of the RAIC Program would meet the Government of Canada's 2002 commitment, eliminate a key security vulnerability in aviation transportation, and have a positive impact on public perception of the security of aviation transportation. In addition, as most of the funding for this program has already been committed, there would be little financial impact to government or industry. This option is therefore recommended.

The capital and operational costs associated with the RAIC will be borne by CATSA. Starting in 2002, the capital cost for the project was set at $17.5 million with an operation budget of $7.5 million for 2002-2007 (total of $25 million).

This Regulation will not discriminate between airport operators, as all affected operators are eligible for implementation funding. As regulations governing access already exist, the collective incremental and operational costs incurred by the amendments will not represent a significant burden for airport operators.

There are a number of benefits to the amendments to the Regulations. The primary benefit is that the amendments will reduce the risk of an aviation security incident. While it is difficult to quantify the reduction in risk that would result from the implementation of the amendments, security authorities in foreign governments and international organizations have identified similar programs as essential security tools.

In the worst case, an aviation security incident could result in a devastating loss of life, destruction of property and damage to the environment, as occurred during the attacks of September 11, 2001. Impacts to the Canadian economy could be expected to be direct and indirect. Indirect impacts are measured by the impacts one economic sector has on others through its demands on those sectors' goods and services as inputs for its own production processes.

In 2004, Canadian commercial aviation industries accounted for $3.78 billion (all figures in 1997 dollars), or approximately 0.4% of the GDP. International air commodity trade totalled $79 billion.

Based on the events of September 11, 2001, it could be anticipated that a major aviation security incident would result in a two- to three-day complete shutdown of the aviation sector, with major impacts on other modes of transportation. The resulting fear of flying would impact passenger volumes, which could then take two to three years to return to previous levels. This would also impact airports, as carriers adjusted flights to reflect lower demand levels, as well as NAV CANADA. It is also reasonable to expect that there would be significant new expenses to government and industry to satisfy the requirements of international partners. A minor incident, such as the use of the Canadian aviation system as a conduit by persons representing a threat to international aviation security, could have impacts ranging from a partial shutdown of the aviation sector to a complete shutdown.

Benefits to the Program could include increased passenger confidence in aviation transportation and greater efficiency in identifying immediate threats to aviation security, thus increasing security overall.

The impact on business is predicted to be low. There may be some increase to sales, as passengers may feel safer travelling by air with the RAIC Program in place. There may also be some temporary job gains during the enrolment process.

In accordance with the Cabinet Directive on the Environmental Assessment of Policy, Plan and Program Proposals, and the Transport Canada Policy Statement on Strategic Environmental Assessment, a strategic environmental assessment (SEA) of this proposal was conducted, in the form of a preliminary scan. The SEA concluded that the amendment is not likely to have important environmental effects. Further assessments or studies regarding environmental effects of this initiative are not likely to yield a different determination.

A key indirect positive outcome for the environment can be expected from the reduction in the risk of a major security breach or event (e.g. terrorist attack) with catastrophic environmental and human consequences.

In accordance with the Privacy Impact Assessment Policy of the Treasury Board of Canada, a privacy impact assessment was conducted by CATSA to identify the privacy and security related risks that are associated with its operation of the RAIC Program and to find ways to mitigate those risks. CATSA, airport operators and Transport Canada are involved in the collection, use, retention and disclosure of personal information required for the proper operation of the Program and each of them is subject to legislative requirements with respect to record keeping, information and privacy.

The amendments to the Regulations will require the purging of biometric templates from the CATSA RAIC database as soon as possible in accordance with the Access to Information Act, the Library and Archives of Canada Act and the Privacy Act. In addition, CATSA never receives the name of the RAIC holder or of the person to whom a biometric template belongs and the amendments to the Regulations contain a prohibition against an airport providing the identity of the RAIC holder to CATSA except for repairs. To allow for the Program to work with this prohibition, a number is assigned to the biometric template and is imbedded in the card so that a match can be confirmed by CATSA when the card is scanned at or in a restricted area. With the exception of when a repair is done almost no information that can be traced to a RAIC holder is disclosed to CATSA by an airport. However when there is a need for CATSA to repair the system, CATSA may have access to personal information. The regulation will prohibit CATSA from retaining, using, collecting or disclosing any personal information they may see during the repair. CATSA is not allowed to have access to this information without the approval of an airport. An airport, however, may provide information to Transport Canada about a RAIC holder or an applicant for a RAIC for security clearance purposes.

Biometric templates are created and stored on the card. Once the templates are stored on the card, the airport operator purges the template from the airport's databases. A template is a mathematically generated number extracted from key points within an image. Only iris and fingerprint templates are stored on the card, not images. The templates cannot be used to recreate an image of an iris or fingerprint, and cannot be used to identify an individual other than for the purposes of the RAIC Program.

The regulatory amendments are consistent with the principles of Smart Regulation in minimizing the regulatory burden on Canadians as much as possible, while reducing the risk of threats to the aviation transportation system. Transport Canada has consulted with industry and labour representatives and other federal government departments and agencies during the development of the regulatory amendments. Where areas of concern have arisen, they have received full consideration. The Program has been developed keeping in mind to the greatest extent possible legal, privacy, and security considerations.

Airport operators were directly involved with the development of the RAIC Program. The Regulations were developed using feedback from consultations and input from stakeholders. Regular consultations on the amendments to the Regulations were held with aviation security stakeholders since 2002. Key participants in the consultation process included CATSA, airport operators, air carriers, associations and labour groups. In addition to the consultations held by Transport Canada, CATSA also held consultations and information sessions including a demonstration of RAIC enrolment equipment for labour groups. Additional feedback was sought from stakeholders through secretarial means. Major concerns expressed during this process are identified below:

Privacy concerns: Some stakeholders expressed concern that workers' biometric information could be used for purposes other than intended by the RAIC Program. Transport Canada assured stakeholders that the templates created from iris and fingerprint scans could not be reverse engineered and that templates would be held only by CATSA. The Regulations would require the purging of biometric templates from the CATSA RAIC database as soon as possible in accordance with the Access to Information Act, the Library and Archives of Canada Act and the Privacy Act. In addition, CATSA has access to the identity of RAIC holders in accordance with the conditions set out in section 37.1.

Safety concerns regarding iris scanners: Some stakeholders expressed concerns that iris scanners could cause damage to the human eye. CATSA assured stakeholders that it had collected information on this concern and found that there has been no safety concern identified with iris scanners. The scanner operates by taking an image of the eye in a manner similar to a digital camera.

Confiscation of the RAIC for reasons other than aviation security: Some stakeholders expressed concerns that a RAIC might be confiscated by airport operators for punitive reasons unrelated to aviation security. Transport Canada has assured stakeholders that this is not the intent of the amendments to the Regulations. A RAIC may only be confiscated if is has expired or has been reported as lost or stolen, if the card has been deactivated, or if a cardholder refuses to submit to a screening at a restricted area access screening point. The Minister, airport operators and peace officers may also confiscate a RAIC if it is necessary to do so for reasons respecting aviation security.

These amendments were pre-published in the Canada Gazette, Part I, on November 11, 2006. The department received comments in relation to the amendments from seven stakeholders.

Air Canada, WestJet, Teamsters Canada, the Canadian Union of Public Employees and the Canadian Airport Council forwarded comments and concerns that were discussed during the program development and in earlier consultations with stakeholders. Some of the comments were on program elements that will be captured in other regulatory instruments while other comments were on policy that will remain unchanged such as Transport Canada Inspector credentials or to allow airports the authority to seize a restricted area identity card for reasons respecting aviation security.

CATSA, the Saskatoon Airport Authority and the Canadian Airport Council provided comments that required minor amendments to the Regulations. The amendments are needed to clarify and reflect the operational realities at airports. Section 37.1 has been amended so airport operators may grant CATSA access to the airports' database in order to maintain or repair the identity verification system, so long as CATSA's access to a person's identity is incidental to the maintenance or repairs. CATSA is prohibited from collecting, using, disclosing or retaining any of the personal information they may see while repairing a computer problem with the system. This business requirement for CATSA to maintain and repair the system was omitted in the Canada Gazette, Part I. Section 46.4 has been changed to make it clear that airport operators may choose to have someone else take care of access control to restricted areas as long as the airport ensures that it is done. For example CATSA performs this task at pre-board screening on behalf of the airport operator. This amendment reflects current business practices already performed at airports which was omitted in pre-publication. Section 47.2 was amended by removing the requirement for CATSA to ensure that an airport operator was performing a back-up of the CATSA system database. This function is performed automatically at airports and is therefore redundant. Section 52.5 was amended to meet the operational intent of the requirement that is to require airport operators ensure escort vehicles be provided but not necessarily provide the actual vehicle. For example an air carrier may use their company vehicle as the escort vehicle.

Transport Canada inspectors will use established methods to determine compliance with the Regulations. Violations may result in administrative monetary penalties being assessed under sections 7.6 to 8.2 of the Act. The RAIC Program will retain offences that applied to the existing restricted area pass program. The amendments that are "offence-creating" will be designated for the purposes of the administrative monetary penalty process. See Part II of this RIAS below.

The Designated Provisions Regulations list certain regulations and orders made pursuant to the Act that may be enforced by means of an administrative monetary penalty assessed by the Minister of Transport. These regulations and orders include the Regulations.

Transport Canada's policy on the enforcement of aviation security regulations is based on voluntary compliance, but administrative action in the form of a monetary penalty may be taken in respect of designated provisions when voluntary compliance is not achieved or in the case of flagrant violations. Under the Act, the maximum monetary penalty that can be assessed is $5,000 in the case of an individual and $25,000 in the case of a corporation, although the Designated Provisions Regulations can establish lower ceilings in respect of the contravention of specific provisions.

Designation of a provision in the Designated Provisions Regulations precludes prosecution of the contravention as an offence in the criminal courts. The assessment of a monetary penalty by the Minister of Transport can be appealed to the Transportation Appeal Tribunal of Canada.

The amendments to the Designated Provisions Regulations reflect the amendments to the Regulations. The item numbers for existing designated provisions will be re-numbered but will not otherwise be affected by the amendments.

No alternatives were considered. The contravention of a non-designated provision could result in enforcement through the already burdened court system. The monetary penalty scheme is an effective method of enforcing regulations, and the Transportation Appeal Tribunal of Canada permits individuals and corporations to challenge penalties without the need of a court appearance. These amendments will also align the Designated Provisions Regulations with the amendments to the Regulations.

Designating new regulatory provisions for enforcement by way of the administrative monetary penalty scheme benefits both government and industry by avoiding costs associated with the courts. The cost to individuals, industry and government associated with enforcement of these requirements is assessed as lower than enforcement through the court system and the outcome more expedient.

These amendments have no additional impact on compliance and enforcement mechanisms.

There are no environmental impacts associated with the amendments to the Designated Provisions Regulations.

No consultations were conducted. Monetary penalties that may result from these amendments are comparable to provisions already contained in the Designated Provisions Regulations.

Following pre-publication an amendment was made to section 37.1 of the Canadian Aviation Security Regulations that also resulted in an amendment to the Designated Provisions Regulations.

Sandra Miller
Chief
Regulatory Planning and Services
Regulatory Affairs—Security
Transport Canada
Place de Ville, Tower C, 13th Floor
330 Sparks Street
Ottawa, Ontario
K1A 0N5
Telephone: (613) 998-9605
FAX: (613) 996-6381
E-mail: millers@tc.gc.ca