Helping individuals, companies, and organizations understand key legal and practical considerations for promoting compliance and making better business decisions in these types of federal, state, and local government contracting matters MORE

Cybersecurity issues are not going away anytime soon and the risk of noncompliance for contractors is ratcheting up. In a recent ruling in a Civil False Claims Act (FCA) Qui Tam case, Judge Shubb of the Eastern District of California determined that the whistleblower’s allegations – – that a company’s statements regarding the status of its compliance with a Department of Defense (DoD) cybersecurity clause were half-truths — met the FCA’s “materiality” standard for purposes of surviving a motion to dismiss. Judge Shubb found the alleged statements to be “material” representations even though the contracts were for missile defense and rocket technology, and not cybersecurity. In issuing this ruling, the Court held that these facts met the “materiality” threshold for denial of the motion because, considering the facts in the light most favorable to the qui tam relator, the Government might not have awarded the contracts if it had known the full extent of the contractor’s compliance with the cybersecurity provisions. Significantly, the Court did not find that the Government’s continued contracting with the contractor after learning of the allegations in the complaint was dispositive of whether the alleged misrepresentations were material. It held that the test of materiality is whether the misrepresentations were material at the time that the Government was entering into the relevant contracts. The Court also did not find the Government’s decision not to intervene in the case to be instructive, holding that there could be many reasons apart from the merits of the case for the Government’s lack of intervention. Further, the Court was unpersuaded by the fact that the Government has continued to change the cybersecurity requirements after issuance of the initial clause in order “to ease the burdens on the industry” since this did not address whether the contractor’s technical compliance with the initial clause mattered to the Government for this particular set of contracts. See U.S.A. ex rel. Brian Markus v. Aerojet Rocketdyne Holdings, and Aerojet Rocketdyne, Inc., E.D. Cal. Docket No. 2:15-cv-2245 WBS AC, ___F.3d ___, 2019 WL 2024595.

Under the Civil False Claims Act, a false or fraudulent claim may be actionable where it is claimed that the person or entity “knowingly presents, or causes to be presented, a false or fraudulent claim for payment or approval” or “knowingly makes, uses, or causes to be made or used, a false record or statement material to a false or fraudulent claim.” 31 U.S.C. §§ 3729(a)(1)(A) and (B). The Supreme Court decision in Universal Health Servs., Inc. v. U.S. ex rel. Escobar (Escobar), has interpreted these provisions to include the situation where a person or entity makes an implied certification for such a claim for payment, approval, or action, by failing to disclose noncompliance with material statutory, regulatory, or contractual requirements which would make those representations misleading half-truths.

The cybersecurity clauses at issue include Department of Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012, Safeguarding of Unclassified Controlled Technical Information (November 2013), which was implemented in 2013 and requires, inter alia, that “The Contractor shall provide adequate security to safeguard unclassified controlled technical information from compromise.” DFARS 252.204-7012(b). The standards for cybersecurity were revised in subsequent iterations of the clause and the clause was renamed in 2015, “Safeguarding Covered Defense Information and Cyber Incident Reporting.” The previous version of the clause called for compliance with National Institute of Standards and Technology (NIST) Special Publication 800-53 (NIST SP 800-53) security controls, or an alternative control or protective measure. As currently revised, DFARS 252.204-7012 requires that covered information systems of DoD contractors, and their subcontractors and similar contractual instrument holders, comply with the version of NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations, in effect at the time the solicitation is issued, or as authorized by the Contracting Officer. This current standard requires that covered contractors safeguard all types of Covered Defense Information (CDI), including Unclassified Controlled Technical Information (CTI) and other Controlled Unclassified Information (CUI). Covered DoD contractors include those that provide supplies or services in the performance of  contracts for the DoD, except for contractors only providing commercial off-the-shelf  (COTS) items, and who receive, use, create, transit, or store CDI. It also includes those contractors providing “operationally critical support.”

The case also identifies the National Aeronautics and Space Administration (NASA) cyber provision, 48 C.F.R. § 1852.204-76, as listing relevant security requirements for contractor-handling of sensitive but unclassified information. The current version of that NASA provision states that the contractor “shall protect the confidentiality, integrity, and availability of NASA Electronic Information and IT resources and protect NASA Electronic Information from unauthorized disclosure.” However, the provision also states that the “contractor shall afford  Government access to the Contractor’s and subcontractors’ facilities, installations, operations, documentation, databases, and personnel used in performance of the contract … to carry out a program of IT inspection (to include vulnerability testing), investigation and audit to safeguard against threats and hazards to the integrity, availability, and confidentiality of NASA Electronic Information or to the function of IT systems operated on behalf of NASA, and to preserve evidence of computer crime.”

Given the evolving state of current cyber provisions, the decision should be of concern to contractors at all tiers of the Government contract supply chain. DoD has in fact revised its cyber provision on multiple occasions, stating that a company will be considered to be compliant with the clause where it has a documented System Security Plan (SSP) and Program and Milestones (POAM) to implement compliance with the NIST SP 800-171’s 110 security controls, and it is taking steps to implement that SSP. Moreover, while the current NASA provision provides for the contractor to protect its covered information and resources, it also provides that NASA will engage in actions to inspect, test, investigate and audit the contractor and its subcontractor to safeguard against threats and hazards.

When vying for a government contract, vendors hope to avoid the need for protest and litigation. But solicitation documents aren’t perfect. Often, the evaluation process isn’t either. When issues arise, vendors are left in a tricky position: Do you dispute the issue during the procurement process, possibly angering the people tasked with evaluating your bid? Or, do you abide by the solicitation documents as written and raise the issue later if you aren’t the winning bidder?

• Don’t Wait To Raise Known Procurement Defects

At the federal level and in many states the answer is clear; regulations require vendors to alert the procurement authority to patent defects at the earliest opportunity or forever waive the right to do so. Missouri law contains no such requirement, though standard solicitation terms provide a mechanism for vendors to ask questions during the solicitation period. This has historically permitted vendors to avoid the above dilemma by waiting to complain of defects in the solicitation documents during a bid protest and/or litigation.

Recently, however, intervening vendors competing in state government bid protest litigation have successfully obtained dismissal of their competitors’ procurement protests by arguing that the failure to alert the Missouri Office of Administration (OA) to identified problems in the solicitation documents early on constituted a waiver of any claim based on those problems. In the wake of such decisions, OA has begun to cite the failure to complain of defects during the solicitation period as a basis for denying bid protests. In light of these developments, vendors should alert OA to any perceived defects in solicitation documents as early as possible to protect their legal rights.

• Consult With Counsel Early To Ensure You Timely Identify Your Protest Grounds

This and other legal developments highlight the importance of involving experienced counsel early when a bid protest is likely. Last year, in State ex rel. Robison v. Lindley-Myers, the Missouri Supreme Court reversed longstanding precedent and held that parties to all administrative proceedings (including less-formal proceedings like bid protests, which lack many features of litigation) must exhaust their administrative remedies before filing a lawsuit. While the full ramifications of this ruling are still playing out, it has begun to have effects in bid protest litigation.

The practical effect of this ruling is that a disappointed bidder must raise all its legal arguments during the bid protest process or risk losing the right to raise them in subsequent litigation challenging the results of the defective procurement. In Missouri, bid protests must be filed within 10 business days of a contract’s award. Because a disappointed bidder often won’t have access to its competition’s bid until the award is made, there is little time to evaluate potential legal claims and prepare a compelling bid protest. The need to exhaust remedies has heightened the importance of a thorough and persuasive bid protest, since an awarded contract may well go into effect before a disappointed vendor can reach the courthouse. The above-noted need to raise defects in solicitation terms even before submitting a bid likewise reduces the time to contemplate legal theories and highlights the importance of consulting with counsel early.

Stinson’s government contract attorneys can help. We have experience dealing with OA at all stages of the procurement process and identifying viable grounds for protest. If you are involved in a procurement where the need for a bid protest is likely, contact us today.

In trying to pool resources amongst related entities, lines may blur as to whether the personnel on a given project are employed by the domestic entity in accordance with the contract requirements and terms of proposal. While the facts of ABS Development Corporation, ASBCA Nos. 6022, et al. are on the extreme side of noncompliance, the decision offers a good reminder of the importance of doing what you say you’re going to do—particularly where the issue involved is material to contract award.

In ABS, the Armed Services Board of Contract Appeals (ASBCA) declared a contract void ab initio after determining the subject work was performed by the contractor’s non-U.S. parent company. The contract related to certain construction work on an Israeli Navy shipyard with an amended contract price of approximately $46 million. The work was restricted to “United States firms only” and offers from non-U.S. firms would be rejected.

The contractor, ABS, was a Delaware corporation based in New York, but was a subsidiary of Ashtrom International, Ltd., which was wholly owned by Ashtrom Group Ltd. (an Israeli company). After the Government communicated some initial concerns regarding the lack of ABS personnel on the ground in Israel, ABS responded that it would “directly prequalify and employ all Construction Management personnel. In total, ABS’s revised proposal represented that 20 management and design-level positions that the original proposal indicated would be filled by Ashtrom Group personnel would be filled by ABS personnel who would be on-site in Israel.

ABS eventually brought claims against the Government seeking additional compensation and an extension of time to the contract performance period. It also challenged the government’s assessment of liquidated damages for alleged late completion of the contract work. In response, the Government contended the contract was void ab initio because ABS allegedly misrepresented that it would have on-site ABS project managers in Israel to obtain the contract, but did not actually hire anyone to work in Israel.

During discovery, ABS’s CEO testified at his deposition that all of the funds paid to ABS during performance were then transferred to the Ashtrom Group—Israeli companies. There was also evidence that “ABS understood that the project was too big for it, and wanted Ashtrom to carry it out.” Contrary to the representations it made in its revised proposal, ABS never hired an on-site project manager. Nor did it hire any of the other individuals depicted in its proposed personnel chart. Instead, the Israeli-based “Ashtrom Group paid those persons, with money transferred to Ashtrom Group by ABS.”

The ASBCA looked at the distinction between a standard breach claim and one for misrepresentation:

When a contractor makes a promise of future performance in a proposal and later fails to perform, this generally will be a basis for liability for breach of contract but not for misrepresentation; to also prove misrepresentation, the government must prove a misrepresentation at the time of proposal, such as that the contractor did not intend to perform or knew it could not perform. Where an appellant has obtained a contract through a material misrepresentation, with no realistic intention of performing in accordance with that representation, the contract is void ab initio, resulting in denial of the appeal.

(internal citations omitted).

The ASBCA ultimately found that ABS never hired anyone to perform on-site work and that it never actually intended to hire any on-site personnel. It further found that had ABS “not misrepresented to the contracting officer that it would hire ABS personnel to fill key, on-site management positions, the contracting officer would not have awarded ABS the contract.” As a result, the contract was found void ab initio.

A new Personal Net Worth requirement for MBE/WBE certification is set to take effect in Kansas City, Missouri on October 1, 2019.  It applies to everyone, and could have a significant impact.

New Requirements

On October 25, 2018, the Kansas City Council amended the rules that govern the City’s Minority & Women Business Enterprise Program (Chapter 3, Code of Ordinances, Sections 3-421 to 3-469).  Most of the amendments went into effect on Nov. 5, 2018; however, some become effective at a later date.  One such post-dated amendment is the addition of a Personal Net Worth requirement for MBE/WBE owners.  See Sections 3-421(a)(34), (36), (47), and 3-461.

Under the new rules, as of October 1, 2019, in order to qualify for certification as an MBE or WBE, each individual owner’s Personal Net Worth must be equal to or less than the permissible Personal Net Worth amount determined by the U.S. Department of Transportation to be applicable to its DBE program.  That threshhold is currently $1.32 million.  Under the KCMO Code, Personal Net Worth is defined generally as “[t]he net value of the assets of an individual after total liabilities is deducted.”  Section 3-421(a)(36).  However, it excludes the individual’s ownership interest in the business that is seeking certification and also excludes the individual’s equity in his or her primary place of residence.  It includes only the individual’s share of assets held individually or jointly with his or her spouse.

The KCMO Code is silent as to whether retirement assets must be included in the determination of Personal Net Worth.  Under the Federal DBE rules, Personal Net Worth includes the present value of the individual’s retirement assets less the tax and interest penalties that would apply if distributed.  It is unclear whether the Human Relations Department will require such assets to be included.

Impact

As of October 1, 2019, any business that seeks certification as an MBE/WBE under the KCMO Code must demonstrate by written documentation or affidavit that each owner’s Personal Net Worth does not exceed $1.32 million.  Moreover, if a company is already certified as an MBE/WBE and does not meet the Personal Net Worth threshhold, it will be required to report the issue to the Human Relations Department.  This is because the Code requires certified companies to provide notice of material changes within 30 days:

Once certified, an MBE/WBE must notify the department in writing within 30 calendar days of any change(s) in circumstances affecting the firm’s ability to meet ownership, control, or size requirements or any material change(s) in the information provided in the certification application process.

Section 3-461(o).  If an MBE/WBE fails to provide timely notification of such changes, it can be deemed to have failed to cooperate and its certification may be revoked.  Id.

We recommend that MBE/WBE owners begin looking at this Personal Net Worth issue now, and contact their counsel for advice on how it may impact the company’s ability to qualify for certification in Kansas City, Missouri.

E.O. 13858 Reiterates the Need for Strict Application of Buy American Rules on Infrastructure Projects

On January 31, 2019 President Trump issued his “Executive Order on Strengthening Buy-American Preferences for Infrastructure Projects” (E.O. 13858). The Order is a re-assertion of and expansion upon his April 18, 2017 “Executive Order on Buy American and Hire American” (E.O. 13788), which aimed to maximize the use of U.S.-made goods in federal contracts and grants. The new Buy American Executive Order focuses exclusively on infrastructure projects, but it expands the coverage of E.O. 13788 in that context to include not only contracts and grants, but also other forms of federal financial assistance, including cooperative agreements and projects funded through direct appropriations.

In addition to singling out construction contractors, subcontractors, and suppliers for particular scrutiny, E.O. 13858 emphasizes the importance of maximizing the use of goods, products, and materials produced in the United States. As defined in E.O. 13858, “produced” is expanded to include manufactured products; components of manufactured products; and materials such as steel, iron, aluminum, and cement. The new Executive Order also makes clear that it covers other products, including plastics and polymer-based products such as polyvinyl chloride pipe; aggregates such as concrete; glass, including optical fiber; and lumber.

Both of these Executive Orders, taken in conjunction with the President’s National Security Strategy announced in December 2017, reflect the Trump Administration’s belief that the United States must be cognizant of and take steps to preserve the national manufacturing base and infrastructure in the face of threats coming from unconventional, in addition to conventional, areas.  For example, there are clear concerns about foreign country activities to offer to sell or actually sell products, such as steel or aluminum, at below market prices to deprive U.S. domestic producers of sales of such goods (foreign dumping), as these types of activities ultimately may drive such producers out of business and restrict the future availability of domestic sources in the market, threatening the economic well-being and national security of the United States.

E.O. 13858 seeks to reduce waivers under the Buy American Act (BAA), Federal Acquisition Regulation (FAR), and the Trade Agreements Act (TAA), by construing waivers for the “maximum utilization of goods, products, and materials produced in the United States” and requiring “appropriate account of whether a significant portion of the cost advantage of a foreign-sourced product is the result of the use of dumped steel, iron, or manufactured goods or the use of injuriously subsidized steel, iron, or manufactured goods” and “integrat[ing] any findings into its waiver determination as appropriate.”

Takeaways

Federal contractors should always make sure that they comply with the terms of solicitations under which they compete, and ultimately the contracts under which they perform, including maintaining detailed records of the various aspects of their federal contract compliance. However, President Trump’s latest Executive Order makes maintaining meticulous procurement records and analyzing compliance with Buy American rules even more essential. Some examples of how the Executive Order will impact contractor practices including:

  • Reduced availability of exceptions to Buy American laws and regulations: The Executive Order directs purchasing agency officials to grant fewer exceptions to the requirements of Buy American laws and regulations. For example, it can be expected that agency procuring officials will need to provide clear proof of the domestic nonavailability of products or components in the quantities and qualities they require before they can obtain a class or individual waiver of the domestic component or end product requirement rule at their agency under the nonavailability exception. And, in future, we may see agency procurements that increase the price differential that must exist to trigger the application of the price unreasonableness exception that allows an agency to procure an offer to provide a lower priced nondomestic product when there is a higher priced offer to provide a domestic product.
  • Increased likelihood of Bid Protests to challenge Buy American compliance: Where procurements contain provisions to give effect to the new Executive Orders, we may see increased numbers of bid protest challenges where, e.g., a challenger has evidence that the awardee would furnish a non-domestic product or the procuring agency erred in its Buy American price reasonableness assessment.
  • Increased likelihood of Government audit of Buy American compliance under the contract: Given the Government’s focus on ensuring strict compliance with Buy American requirements, it can be expected that the Government will be checking to confirm that the contractor is delivering what it promised in its proposal and contract. Contractors should keep detailed records of the cost and country of origin of all materials used and delivered under its contracts.
  • Increased risk of Federal Claims: Greater scrutiny of material sources and record keeping makes it more likely that the Government may seek an appropriate remedy if there is delivery of a noncompliant product. Such remedies may include replacement of the noncompliant product at contractor cost, repayment of amounts paid the contractor for the delivery, or even debarment or suspension where the noncompliant product is delivered or used in a Federal construction project.
  • False Claims: Where a contractor delivers product that is not what it was required to provide under the contract, this also raises the risk that the Government or a whistleblower may assert a violation of the False Claims Act if there is evidence that the contractor’s noncompliance in its performance of the contract or subcontract was intentional or made with reckless disregard for the contractor’s requirement to comply.

All this means that more attention will be paid to more construction companies. To avoid any potential issues, construction contractors should keep detailed paperwork on the country of origin of all construction materials, including manufactured products and their components, as well as aluminum, steel, concrete, and iron. Additionally, where contractors would seek waivers of Buy American provisions, they will need to ensure that they have comprehensive documentation to support any request for waiver to the BAA or TAA.

If you have questions about these Executive Orders, Buy American provisions, or other aspects of Federal government contract, grant or agreement matters, contact a member of our Government Contracts Practice Group.