Union Pacific Railroad Company v. Pipeline and Hazardous Materials Safety Administration ( 2020 )

 United States Court of Appeals
FOR THE DISTRICT OF COLUMBIA CIRCUIT
Argued February 4, 2020               Decided March 17, 2020
No. 19-1075
UNION PACIFIC RAILROAD COMPANY,
PETITIONER
v.
PIPELINE AND HAZARDOUS MATERIALS SAFETY
ADMINISTRATION, ET AL.,
RESPONDENT
On Petition for Review of an Order of the
United States Department of Transportation
Tobias S. Loss-Eaton argued the cause for petitioner. With
him on the briefs were Raymond A. Atkins and Matthew J.
Warren.
Sushma Soni, Attorney, U.S. Department of Justice, argued
the cause for respondents. With her on the brief were Daniel
Tenny, Attorney, Steven G. Bradbury, General Counsel, U.S.
Department of Transportation, Paul M. Geier, Assistant
General Counsel, Peter J. Plocki, Deputy Assistant General
Counsel, and Paul J. Roberti, Chief Counsel, Pipeline and
Hazardous Materials Safety Administration.
2
Before: HENDERSON and GARLAND, Circuit Judges, and
WILLIAMS, Senior Circuit Judge.
Opinion for the court filed by Senior Circuit Judge
WILLIAMS.
Dissenting opinion filed by Circuit Judge HENDERSON.
WILLIAMS, Senior Circuit Judge: Union Pacific Railroad
Company asks us to vacate a regulation that the Pipeline and
Hazardous Materials Safety Administration promulgated under
the Fixing America’s Surface Transportation Act, Pub. L. No.
114-94, § 7302, 

, 1594–96 (2015) (“FAST”).
The railroad contends that the regulation fell short in protecting
the security and confidentiality of information it is required to
disclose.
FAST § 73021 requires the agency to promulgate
regulations governing disclosures to be made by railroads
transporting hazardous materials. The information is to aid
federal, state and local first responders preparing for and
combating emergencies and falls into two classes.
The first type of information includes, for any train
carrying hazardous materials (as defined by the agency, see
§ 7302(b)(5); see also 

), accurate, real-time
“train consist information,” which by statute includes the
number of rail cars and the commodity transported in each car,
§ 7302(a)(1); see also § 7302(b)(7) (defining “train consist”).
Railroads are to send this information to a secure “fusion
center,” § 7302(a)(2), which is a “collaborative effort” of
1
FAST § 7302 is codified as a note to 

. For
reader friendliness, we cite simply to § 7302 rather than the U.S.
Code to sidestep ungainly references to subsections of a note, e.g.,
note(a)(3).
3
various government entities to combat “criminal or terrorist
activity,” 6 U.S.C. § 124h(j)(1). In an emergency, the fusion
centers release the information to local first responders.
The second type of required information is much more
general and applies only to trains transporting particular types
of flammable liquid, known in the statute as “high-hazard
flammable trains.” § 7302(a)(3), (b)(6). The statutorily
mandated regulations are to require the information to be
supplied to state authorities known as emergency response
commissions. The information is to include “a reasonable
estimate” of the weekly number of trains that pass through each
county and some identification of the flammable liquid being
transported. § 7302(a)(3)(A), (C). These rough estimates
allow first responders to know the risks they may face and to
plan accordingly.
The statute’s mandate as to “security and confidentiality”
requires the agency to
. . . establish security and confidentiality protections,
including protections from the public release of proprietary
information or security-sensitive information, to prevent
the release to unauthorized persons [of] any electronic train
consist information or advanced notification or
information provided by Class I railroads under this
section.
§ 7302(a)(6).
This case concerns the second type of information—the
aggregated, county-by-county data. In a separate rulemaking
not at issue here, the agency is addressing the more detailed
train consist information. See Hazardous Materials: FAST Act
Requirements for Real-Time Train Consist Information by
Rail, 

 (Jan. 19, 2017).
4
As required, the agency promulgated a regulation requiring
railroads to provide state emergency response commissions
with the aggregated data. See 

(b). By way
of establishing “security and confidentiality protections,” the
regulation directs railroads to indicate to those commissions
whether they “believe[]” any part of the information is
“security sensitive or proprietary and exempt from public
disclosure.” 

 § 174.312(c). In adopting this directive to the
railroads, the agency found it “sufficient to ensure
confidentiality and security.” See Hazardous Materials: Oil
Spill Response Plans and Information Sharing for High-Hazard
Flammable Trains (FAST Act), 84 Fed Reg. 6910, 6932 (Feb.
28, 2019) (“Final Rule”). The agency’s basic idea was that
notice of this sort would provide state agencies with the
necessary “flexibility” to disseminate the information to the
necessary recipients while also “guard[ing]” against
inadvertent disclosure and enabling states to hold close any
information that is at all sensitive and that may be protected by
state law. Id.; see id. at 6917.
Union Pacific attacks the regulation as insufficiently
protecting the railroad’s data and thus failing to meet § 7302’s
requirement to establish security and confidentiality
protections to prevent access to the information by
unauthorized parties. Because the regulation is neither
dependent on a misreading of the statute nor arbitrary and
capricious, we deny the petition for review.
***
We do not understand the agency, in tackling its obligation
under § 7302(a)(6) to “establish” “security and confidentiality
protections” for the aggregated data, to have supposed that it
could provide no protection for the aggregate data; certainly the
railroad points us to no language adopting such a view. Where
the parties clash is whether the agency can adopt the specific
5
protections at issue here, namely a scheme in which railroads
alert the relevant state agency to the data that they believe the
states should refrain from disclosing.
To the extent that the railroad might be arguing that FAST
requires the agency to adopt the same protective scheme for
every type of disclosed information, whether detailed train
consist information or aggregated county-by-county reports, it
is mistaken. Section 7302 creates multiple classes of
information posing different levels of risk. And its wording
reflects Congress’s judgment that those differences should be
accompanied by other differences. The very precise data go to
fusion centers, the aggregate data to state emergency response
commissions. For the very precise data, fusion centers and
railroads must develop memoranda of understanding regarding
how the centers will receive “secure and confidential access to
the electronic train consist information,” § 7302(a)(1)(B),
whereas no such predicate is stated for the transfer of the more
aggregated weekly data. These differences reflect Congress’s
evidently different purposes for the different types of mandated
notice: responding to an emergency versus preparing for one.
By establishing this bifurcated scheme, Congress
authorized the agency to adopt different measures appropriate
for each type of data. Thus, just as the federal government
maintains different levels of national security classification
(e.g., top secret vs. secret), the agency may apply different
protections for highly sensitive train consist information as
compared to less sensitive aggregated data.
Union Pacific argues that the rule fails to fulfill the purpose
of the security and confidentiality protections as set forth in
§ 7302(a)(6). Specifically it claims that the regulation’s
confidentiality protections do not pass muster because some
states require their emergency response commissions to release
such information under state freedom of information laws; thus,
6
competitors might glean the identity of a railroad’s customers
from the aggregated data, and these competitors may then
poach a railroad’s business. Appellant Br. at 2. And Union
Pacific offers a textual hook for what is ultimately a policy
argument: If a state releases this information to the public,
everyone will have access to the information and the statutory
category “unauthorized person” turns out (in such a state) to
include no one at all.
This argument runs into two distinct problems:
First, as a pure matter of language, the agency’s very
modest solution here has given some substance to the term
“unauthorized person”:        viewed across the nation, the
regulation treats as unauthorized those persons not entitled to
the information under the relevant state’s freedom of
information law. Further, contrary to the dissent’s suggestion,
this reading of the statute doesn’t improperly subdelegate the
agency’s regulatory authority to states. See Diss. Op. at 5–6.
The agency chose a type of security and confidentiality
protection—aimed at protecting against inadvertent public
disclosure (see immediately below)—and adopted regulations
to effectuate that policy. It is no surprise that a statute which
weaves state institutions into its program should lead the
implementing agency to coordinate its action with aspects of
state law. See, e.g., § 7302(a)(4) (delineating when a state
emergency response commission is to disseminate information
to a state “political subdivision,” “public agency,” or “law
enforcement”).
Second and most importantly, the agency made a specific
uncontradicted finding that requiring the railroad to flag the
information to the state response commissions was “sufficient
to ensure confidentiality and security.” Final Rule, 84 Fed.
Reg. at 6932. It noted that the purpose of the statutory scheme
is to allow state and tribal emergency response commissions
7
“to share information with local planning authorities.” Id. It
then concluded that its approach maintained “flexibility” and
ensured that state agencies “disseminate information in
accordance with State laws and procedures.” Id. And it noted
that the information covered by the rule “does not include
customer information or other business identifying details.” Id.
As a result, the agency concluded, its
approach will help guard against inadvertent public
disclosure of protected materials by ensuring that the
information that railroads believe to be confidential for
business or security reasons is marked appropriately.
Before fulfilling a request for information and releasing the
information, States will be on notice as to what information
the railroads consider inappropriate for public release.
Id.
We do not doubt Union Pacific’s suggestion that
aggregated data may sometimes reveal sensitive information
upon analysis. Cf. Halperin v. CIA, 

, 150 (D.C.
Cir. 1980) (“[E]ach individual piece of intelligence
information, much like a piece of jigsaw puzzle, may aid in
piecing together other bits of information even when the
individual piece is not of obvious importance in itself.”). But
during the administrative proceedings Union Pacific provided
not a mote of evidence that the type of data at issue here has
been or even could be so exploited. In fact, the agency
repeatedly noted that “railroads have not demonstrated specific
prospective harm that would be caused by the release of such
aggregated information.” Final Rule, 84 Fed Reg. at 6932;
Hazardous Materials: Oil Spill Response Plans and Information
Sharing for High-Hazard Flammable Trains, 81 Fed Reg.
50,068, 50,084 (July 29, 2016); see also Proposed Agency
Information Collection Activities; Comment Request, 79 Fed
Reg. 59,891, 59,892 (Oct. 3, 2014) (“Commenters do not
8
document any actual harm that has occurred by the public
release of the information required to be provided to the States
under the EO.”). Neither before the agency not in this court,
can the agency “be asked to make silk purse responses to sow’s
ear arguments.” City of Vernon v. FERC, 

, 1047
(D.C. Cir. 1988).
Though couching its argument as one of pure statutory
interpretation (based on the agency’s allegedly rendering the
“unauthorized persons” category meaningless), the railroad is
principally making an argument that the agency acted
arbitrarily in adopting the protections that it did. As we’ve
observed, claims that an agency has adopted an impermissible
construction of a statute and that an agency has acted arbitrarily
both require the court to resolve whether the agency, “in
effecting a reconciliation of competing statutory aims, has
rationally considered the factors deemed relevant” by the
statute. Gen. Am. Transp. Corp. v. ICC, 

, 1053
(D.C. Cir. 1989). Viewed as an APA arbitrary and capricious
challenge, the claim requires the railroad to shoulder the burden
of proof. City of Olmsted Falls v. FAA, 

, 271 (D.C.
Cir. 2002). That means Union Pacific must point to some
evidence to substantiate its claim. See Abington Crest Nursing
& Rehab. Ctr. v. Sebelius 

, 722 (D.C. Cir. 2009).
Union Pacific hasn’t done so.
At oral argument, counsel argued that it would be difficult
for Union Pacific to marshal historical evidence that its
competitors had already used this aggregated data to identify
and poach customers. But assuming the point’s correctness, the
railroad could (for example) have conducted an experimental
analysis to demonstrate how a competing carrier might identify
a customer by piecing together county-by-county information.
It did not. As the adage goes, something (an agency’s finding)
beats nothing (Union Pacific’s unsupported assertion) every
time.
9
From our vantage point, the scope of disagreement
between the majority and dissent is quite narrow. We all agree
that the statute requires the agency to establish something to
protect the information at issue. Diss. Op. at 2. Where we
disagree is whether the agency has met the statutory directive.
Here, the agency developed a mechanism to prevent
inadvertent disclosure. See pp. 7–8 above. At that point we
believe the court must move into the second part of our APA
inquiry, where Union Pacific’s failure to offer any data or even
informed hypothesizing leaves us without authority to disturb
the agency’s factual finding. To be sure, the line between an
agency misinterpreting statutory text versus acting arbitrarily
can be difficult to draw—which is why judges may disagree on
precisely when that line is crossed. But we believe that the
agency recognized and acted in accordance with the statutory
mandate—and so the question becomes how reasonable that
action is in light of the factual record before us. Cf. Diss. Op.
at 7.
***
Because Union Pacific failed to provide evidence to
controvert the agency’s express finding that this rule will
satisfy security and confidentiality concerns as mandated by the
statute, the petition for review is denied.
So ordered.
KAREN LECRAFT HENDERSON, Circuit Judge, dissenting:
“Well done is better than well said.” Benjamin Franklin, Poor
Richard, 1737 (1737), reprinted in Poor Richard's Almanack
57 (U.S.C. Publ’g Co. 1914). The government would do well
to heed Poor Richard’s advice. Its insistence that the regulation
at issue here is “[c]onsistent with the statutory requirements,”
Resp’ts’ Br. 17, contravenes what it in fact did—i.e.,
promulgate a regulation that disregards a vital statutory
requirement. In my view, the majority proceeds
anachronistically, as though we were deciding whether Union
Pacific has established that advanced notification information1
warrants federal protection. The Fixing America’s Surface
Transportation (FAST) Act has already answered whether
federal law should protect this information—the answer is
yes—and delegated to the Secretary of the Department of
Transportation (Secretary) simply how it should be protected.
Because the Secretary, acting through the Pipeline and
Hazardous Materials Safety Administration (PHMSA or
Agency), has not established protections for advanced
notification information as the statute requires, I would vacate
the regulation’s information-sharing provision and remand for
promulgation of regulations that follow the FAST Act’s
command.
The FAST Act unambiguously commands the Secretary to
protect the railroads’ advanced notification information:
[T]he Secretary, in consultation with
appropriate Federal agencies, shall issue
regulations that . . . establish security and
1
The majority labels this information “aggregated.” See, e.g.,
Majority Op. 3 (“This case concerns . . . aggregated, county-by-
county data.”). I prefer the Congress’s term, “advanced notification”
information. Pub. L. No. 114-94, § 7302(a)(3), 

, 1595
(2015). “Aggregated” data in the majority opinion and “advanced
notification” information in the FAST Act are one and the same.
2
confidentiality     protections,      including
protections from the public release of
proprietary information or security-sensitive
information, to prevent the release to
unauthorized persons [of] any electronic train
consist information or advanced notification or
information provided by Class I railroads under
[§ 7302].
Pub. L. No. 114-94, § 7302(a)(6), 

, 1594–95
(2015) (emphasis added). The statutory text makes clear that
the Secretary, not the states, must establish—that is, “bring
about or into existence,” Establish, BLACK’S LAW DICTIONARY
(11th ed. 2019)—security protections for advanced notification
information. Our sole task, therefore, is to decide whether the
Agency complied with the Congress’s mandate. See United
States v. Ron Pair Enters., Inc., 

, 241 (1989)
(“[W]here, as here, the statute’s language is plain, ‘the sole
function of the courts is to enforce it according to its terms.’”)
(quoting Caminetti v. United States, 

, 485 (1917)).
In response to the FAST Act, PHMSA issued regulations
implementing its information-sharing provisions (Rule) by
delegating to Class I railroads the responsibility to “indicate”
whether their statutorily-mandated disclosures “include[]
information that a railroad believes is security sensitive or
proprietary and exempt from public disclosure.” 

(c)(3). Union Pacific contends that the Rule—
invalidly—leaves the actual protection of such information to
state open records and sunshine laws, as was the case before
the FAST Act. See Resp’ts’ Br. 18 (“The final rule thus
provides a formal mechanism by which railroads can alert
states when they believe that particular information should not
be publicly disclosed. The states can then weigh the railroads’
3
assertion of confidentiality or privilege under state law and
render a final determination about disclosure.”). I agree.
To support the Rule, the Agency contrasts “highly
sensitive” train consist information, which presumably
warrants protection, with the “highly aggregated” advanced
notification information it claims is at issue here. Resp’ts’ Br.
16. The majority follows suit, labeling the FAST Act’s
treatment of the two information categories a “bifurcated
scheme.” Majority Op. 5. Although that may be correct
regarding the railroads’ reporting requirements, cf.
§ 7302(a)(1)–(2), (5), (7) (train consist information), with
§ 7302(a)(3)–(4) (advanced notification information), the
distinctions made elsewhere in § 7302 underscore the
Secretary’s duty under § 7302(a)(6)—the only paragraph in the
section that addresses both types of information—to establish
security and confidentiality protections for advanced
notification information as well as train consist information.
Even if the FAST Act does not compel the Secretary to
establish identical protections for both categories of
information, her duty to establish something applies both to
advanced notification information and to train consist
information.
The majority declares that it does “not understand the
agency, in tackling its obligation under § 7302(a)(6) . . . to have
supposed that it could provide no protection for the aggregate
data,” Majority Op. 4, but that is precisely what PHMSA did in
continuing to leave enforcement to the states. Indeed,
PHMSA’s position is that it—i.e., the agency—need not
protect advanced notification information because it is
adequately protected by state law. See Resp’ts’ Br. 17 (“To
ensure appropriate protection of any information under state
law . . . the agency did direct railroads to identify information
‘that a railroad believes is security sensitive or proprietary and
4
exempt from public disclosure’ under state law.”) (emphases
added) (citation omitted)). The FAST Act’s text states
otherwise—not only did the Congress express its intent to
federalize then-existing state protections, see § 7302(a) (“[T]he
Secretary, in consultation with appropriate Federal agencies,
shall issue” regulations.) (emphases added), but, if the Agency
can satisfy § 7302(a)(6) by leaving in place, virtually
untouched, the state enforcement status quo, the entire
paragraph—or at least its reference to advanced notification
information—is superfluous in that it can be totally ignored.
But neither we nor the Secretary can disregard § 7302(a)(6)’s
command that “the Secretary . . . shall . . . establish security
and confidentiality protections” and that the statute applies to
“advanced notification or information provided by Class I
railroads under this section.” See Inhabitants of Montclair Twp.
v. Ramsdell, 

, 152 (1883) (“It is the duty of the
court to give effect, if possible, to every clause and word of a
statute, avoiding, if it may be, any construction which implies
that the legislature was ignorant of the meaning of the language
it employed.”). The majority treats the Secretary’s duty to
establish protections as applying, at most, to train consist
information in futuro, see Majority Op. 3 (“In a separate
rulemaking not at issue here, the agency is addressing the more
detailed train consist information.”), and shrugs off the same
mandate’s application to advanced notification information.
The majority further declares that “[v]iewed as an
[Administrative Procedure Act] arbitrary and capricious
challenge, the claim requires the railroad to shoulder the burden
of proof,” meaning “Union Pacific must point to some evidence
to substantiate its claim.” Majority Op. 8 (citing City of
Olmsted Falls v. FAA, 

, 271 (D.C. Cir. 2002) and
Abington Crest Nursing & Rehab. Ctr. v. Sebelius, 

, 722 (D.C. Cir. 2009)). But the majority, I submit,
misunderstands Union Pacific’s claim. The claim it makes and
5
must substantiate is that PHMSA ignored the FAST Act’s
mandate to establish security and confidentiality protections
for advanced notification information. I believe Union Pacific
has so substantiated its claim and, accordingly, I would declare
the Rule invalid as inconsistent with the FAST Act. See 

(2)(A) (“The reviewing court shall . . . hold
unlawful and set aside agency action, findings, and conclusions
found to be . . . arbitrary, capricious, an abuse of discretion, or
otherwise not in accordance with law.”); see also In re Aiken
Cty., 

, 260 (D.C. Cir. 2013) (“[F]ederal agencies
may not ignore statutory mandates or prohibitions merely
because of policy disagreements with Congress.”). The
majority defers to the Agency’s “specific uncontradicted
finding that requiring the railroad to flag the information to the
state response commissions was ‘sufficient to ensure
confidentiality and security,’” Majority Op. 6 (citing 

, 6,932), because “during the administrative
proceedings Union Pacific provided not a mote of evidence that
the type of data at issue here has been or even could be so
exploited,” id. at 7. But the Agency’s finding is not one that can
be “met” with evidence—the finding itself misreads the statute
and the railroads therefore contest the finding not with contrary
evidence but by relying on the statutory language that PHMSA
disregarded.
Under the Rule, railroads “should indicate” whether their
disclosures “include[] information that [they] believe[] is
security sensitive or proprietary and exempt from public
disclosure.” 

(c)(3). The provision’s force
is unclear. The Agency delegates responsibility to protect such
information to the railroads—it is unlikely that states will treat
as confidential information not labeled as such—but well-
settled precedent forecloses this path. See U.S. Telecom Ass’n
v. FCC, 

, 566 (D.C. Cir. 2004) (Williams, J.)
(“[F]ederal agency officials . . . may not subdelegate to outside
6
entities—private or sovereign—absent affirmative evidence of
authority to do so.”); see also Carter v. Carter Coal Co., 

, 311 (1936) (delegation to “private persons whose
interests may be and often are adverse to the interests of others
in the same business” is “legislative delegation in its most
obnoxious form; for it is not even delegation to an official or
an official body.”). In fact, the Rule’s ambiguous language
renders it unenforceable as to all parties, both federal and state
governments—on which it places no duty—and the railroads,
which are informed only that they “should” indicate whether
they “believe” information is confidential. 

(c)(3). Unenforceable guidance like this falls far
short of the FAST Act’s command that “[t]he Secretary . . .
issue regulations that . . . establish security and confidentiality
protections.” Pub. L. No. 114-94, § 7302(a)(6).
The majority accepts the Agency’s core argument that
advanced notification information does not merit federal
protection. See Resp’ts’ Br. 19 (“The blanket requirement to
establish security protections does not compel the agency to
protect information without regard to whether its release would
cause demonstrable harm or violate federal law.”). I believe
PHMSA’s argument fails for at least three reasons. First, it
fights yesterday’s battle—whether release of advanced
notification information “causes demonstrable harm” and
therefore merits protection was resolved by the Congress when
it enacted the FAST Act. Second, the Agency’s circular
conclusion that advanced notification information need not be
protected because it does not “violate federal law” ignores that
it is required to be protected by the FAST Act, which is a
federal law. In other words, the Secretary’s failure to comply
with federal law—§ 7302(a)(6)—is the very reason advanced
notification information is—again, invalidly—not protected by
federal law today. Third, notwithstanding the majority
emphasizes the fact that the FAST Act “weaves state
7
institutions into its program,” its point about PHMSA’s
decision “to coordinate its action with aspects of state law,”
Majority Op. 6, is especially off key here, as § 7302(a)(6) in no
way suggests that the Secretary’s duty to establish security and
confidentiality protections is to be shared with the states, much
less left to them.
By upholding the Rule’s information-sharing provision,
the majority goes beyond deference and permits the Agency to
ignore unambiguous statutory text. See EEOC v. Arabian Am.
Oil Co., 

, 260 (1991) (Scalia, J., concurring in part
and concurring in the judgment) (“[D]eference is not
abdication, and it requires [courts] to accept only those agency
interpretations that are reasonable in light of the principles of
construction courts normally employ.). The FAST Act
unambiguously commands the Secretary to “establish”
something and, as the majority observes, “something . . . beats
nothing . . . every time.” Majority Op. 8. I respectfully dissent.