Cybersecurity and Government Contracting: False Claims Act Considerations

As the recent SolarWinds Orion attack makes clear, cybersecurity will be a focus in the coming years for both governmental and non-governmental entities alike.  In the federal contracting community, it has long been predicted that the government’s increased cybersecurity requirements will eventually lead to a corresponding increase in False Claims Act (FCA) litigation involving cybersecurity compliance.  This prediction may soon be proven true, as a December 2020 speech from Deputy Assistant Attorney General Michael Granston specifically identified “cybersecurity related fraud” as an “area where we could see enhanced False Claims Act activity.”  This post discusses recent efforts to use the FCA to enforce cybersecurity compliance — and, based on those efforts, what government contractors may expect to see in the future.

Technically Still Yours: Court Holds that Contractors May Mark Unlimited Rights Data with a Proprietary Legend

If your company delivers technical data to the Department of Defense, you should take a close look at the Federal Circuit’s decision issued yesterday in The Boeing Co. v. Secretary of the Air Force.

The Court acknowledged that contractors may retain ownership and other interests in unlimited rights data, and it held that they may take steps to put third parties on notice of those rights.  In particular, the Court held that, in addition to the standard legends required by the Defense Federal Acquisition Regulation Supplement (“DFARS”), contractors may also include a legend notifying third parties of the contractor’s retained rights.


Expansion of the Procurement Collusion Strike Force

Just over a year after launching the Procurement Collusion Strike Force (“PCSF”), the U.S. Department of Justice’s Antitrust Division (“DOJ”) announced new measures to further its pursuit of antitrust and related crimes in government procurement, grant, and program funding.  These changes expand the PCSF’s enforcement capacity and signal DOJ’s enduring—and intensifying—commitment to the PCSF’s mission.

The PCSF has added 11 new national partners: the Department of Homeland Security Office of the Inspector General, the Air Force Office of Special Investigations, and nine new U.S. Attorneys.  As a result, the growing PCSF coalition now includes 29 agencies and offices, including U.S. Attorneys in 22 federal judicial districts; the Federal Bureau of Investigation; and Offices of Inspectors General at six federal agencies.  The PCSF also named the Antitrust Division’s Daniel Glad as the Strike Force’s first permanent director, solidifying the PCSF’s institutional role at DOJ.  Glad previously served as an Assistant Chief at the Antitrust Division’s Chicago Office.

How is DoD Planning to Use the Supplier Performance Risk System (SPRS)?

As described in an earlier blog post, the Department of Defense (DoD) released an Interim Rule on September 29, 2020 that addresses DoD’s increased requirements for assessing whether contractors are compliant with the 110 security controls in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 (NIST 800-171).[1]  Under this new Interim Rule, DoD offerors must have a current assessment on file with DoD to document their compliance with NIST 800-171 before they can be eligible to be considered for award.  The Interim Rule specifically requires contractors to ensure that a summary score from an assessment conducted under DoD’s NIST 800-171 Assessment Methodology is submitted into a DoD enterprise application called the Supplier Performance Risk System (SPRS).[2]  We evaluate below how DoD may use the NIST 800-171 assessment scores in SPRS, as well as how updates to SPRS more generally are likely to impact contractors.


Department of Labor Requesting Information on Federal Contractor Workplace Diversity Training

On October 21, 2020 the Department of Labor’s Office of Federal Contract Compliance Programs (“OFCCP”) published a Request for Information (“RFI”) seeking voluntary submissions of workplace diversity and inclusion training information and materials from federal contractors, federal subcontractors, and their employees. The RFI was published pursuant to Executive Order 13950, Combating Race and Sex Stereotyping (“EO”) issued on September 22, 2020, which prohibited certain “divisive concepts” in workplace trainings and instructed OFCCP to solicit information from federal agencies and contractors about the content of their training programs.  The EO also directed OFCCP to establish a hotline to investigate complaints received under the EO, as well as Executive Order 11246. The hotline, and a corresponding email address, were established on September 28, 2020. We provided a full description and explanation of the requirements of the EO here.

Under the new RFI, contractors may submit comments and other information to OFCCP by December 1, 2020, but any submission of information is strictly voluntary.  As discussed below, prior to making any submission, contractors should consider carefully the nuances of the EO and RFI and the potential implications of making a voluntary submission.


Third Circuit Addresses the Scope of the FCA’s First-to-File Bar

Under the False Claims Act’s (“FCA”) first-to-file bar, “no person other than the Government may intervene or bring a related action based on the facts underlying the pending action.”  But can a relator amend her complaint to add, remove, or substitute relators without violating the first-to-file bar?  Recently, the Third Circuit in In re Plavix answered “yes,” and concluded that the first-to-file bar does not preclude adding another relator through joinder, substitution, or an amendment.  Instead, the first-to-file bar applies when a private party attempts to intervene in an FCA case under Federal Rule of Civil Procedure 24 or when a private party attempts to bring a new action on the same facts underlying the pending action.

The Third Circuit’s decision in In re Plavix raises numerous questions for practitioners.  Below, we summarize the court’s decision, and highlight potential arguments that do not rely on the first-to-file bar as a basis for dismissal.

Factual Background of In Re Plavix

Three individuals formed a limited liability partnership in order to bring an FCA suit against two pharmaceutical companies.  While the litigation was underway, one individual left the partnership, and another individual joined the partnership in his stead.  The partnership amended the complaint, retaining the partnership as the sole relator, but reflecting the change in the partnership’s membership.

The defendants moved to dismiss, invoking the first-to-file bar.  The defendants argued that the partnership that filed the initial complaint (“original partnership”) was a distinct entity from the partnership that filed the amended complaint (“new partnership”) due to the change in the partnership’s membership.  Because the new partnership was the relator in the operative complaint, the defendants contended that the new partnership intervened in violation of the first-to-file bar.

The district court granted the motion to dismiss.  In ruling for the defendants, the court viewed the original partnership as a distinct entity from the new partnership.  Because the new partnership was the relator in the operative complaint, the district court held that the new partnership impermissibly “intervened” within the meaning of the first-to-file bar.

Third Circuit’s Interpretation of the First-to-File Bar

The Third Circuit vacated and remanded in a unanimous opinion.

Before delving into the merits of the case, the court addressed a procedural issue — whether the first-to-file bar is jurisdictional.  The court answered that question in the negative, holding that the first-to-file bar is not jurisdictional.

Turning to the merits, the Third Circuit certified several threshold questions relating to partnership law to the Delaware Supreme Court.  After receiving input from the Delaware Supreme Court, the Third Circuit agreed with the district court’s premise that the original partnership was a distinct entity from the new partnership.  The Third Circuit, however, disagreed with the district court’s conclusion, and held that dismissal was not warranted under the first-to-file bar.  In reaching its holding, the Third Circuit distinguished intervention from other methods of joining an existing case — e.g., joinder, impleader, interpleader, and substitution.  The court explained that parties to a case take action to bring third parties into the case through methods other than “intervention,” such as joinder, impleader, and interpleader.  By contrast, “a third party intervenes when he injects himself between two existing sides . . . .  The choice to intervene is made not by the existing parties, but by the intervenor,” under Rule 24.  Given that distinction, the Third Circuit held that the first-to-file bar prohibits intervention under Rule 24, but does not preclude parties from adding, removing, or substituting a relator through an amendment.  Therefore, the first-to-file bar did not prohibit the new partnership from replacing the original partnership by way of an amended complaint.

Key Takeaways for FCA Defendants

Based on the Third Circuit’s ruling in In re Plavix, defendants should keep the following considerations in mind when asserting a first-to-file challenge.

  • Timing of a first-to-file challenge: The Third Circuit is the latest circuit to address whether the first-to-file bar is jurisdictional.  Currently, the circuits are divided on whether the first-to-file bar is jurisdictional — the First, Second, and D.C. Circuits share the Third Circuit’s view, but the Fourth, Fifth, Sixth, Ninth, and Eleventh Circuits have reached the opposite view.  Whether the first-to-file bar is jurisdictional affects the timing of a first-to-file challenge, which party carries the burden on a first-to-file challenge, and the type of evidence that can be submitted during a first-to-file challenge.  Because the first-to-file bar is not jurisdictional in the Third Circuit, a defendant litigating in the Third Circuit must raise the first-to-file bar in a Rule 12(b)(6) motion, has the burden to prove that the first-to-file bar precludes a relator’s entry into the suit, and must follow Rule 12(b)(6)’s standard for submitting evidence that is extrinsic to the complaint.  Defendants litigating in other circuits, however, might not follow the same approach.  Thus, a defendant should consider whether the first-to-file bar is jurisdictional under binding circuit precedent before asserting a first-to-file challenge.  If the first-to-file bar is jurisdictional under binding precedent, the defendant may challenge jurisdiction at any time; the relator bears the burden of persuasion in establishing jurisdiction; and the defendant may submit evidence in connection with its jurisdictional challenge.
  • Potential arguments under Rule 15: As the Third Circuit alluded in In re Plavix, an amendment that is permissible under the first-to-file bar might “exceed the bounds of Rule 15.”  Therefore, if a new relator is added, removed, or substituted in an amended complaint, a defendant should consider if it has colorable grounds for opposing leave to amend under Rule 15.  Courts may deny leave to amend in cases of undue delay, bad faith, dilatory motive, unfair prejudice, or futility.
  • Potential arguments under the original source provision: When a new relator is added to an FCA case, the defendant should consider assessing whether the relator is “an original source of the information.”  As the Third Circuit acknowledged, the original source provision “limit[s] who can be a proper plaintiff,” and is distinct from the first-to-file bar.  The original source provision comes into play only if there has been a qualifying public disclosure before the case is filed.  Therefore, assuming the defendant can identify a qualifying public disclosure, the original source provision might be another means of seeking dismissal of an FCA suit brought by a new relator.
  • Potential counterarguments to the Third Circuit’s interpretation of the scope of the first-to-file bar: If the scope of the first-to-file bar is litigated in other circuits, relators may rely on the Third Circuit’s reasoning, and claim that the first-to-file bar applies only to Rule 24 motions.  There are several counterarguments that defendants may consider including in their response.  For example, the In re Plavix defendants emphasized the difference in language between the first-to-file bar and other provisions of the FCA:  While other provisions of the FCA expressly refer to specific Federal Rules of Civil Procedure, the first-to-file bar does not reference any Rule, much less Rule 24.  That distinction suggests that the first-to-file bar’s reach is not limited to Rule 24 or to any other Federal Rule of Civil Procedure.  While the Third Circuit did not address that argument in its opinion, the argument may gain traction in other courts.

This blogpost does not constitute legal advice, nor does it establish an attorney-client relationship. Please consult with an attorney if you have any questions relating to any topics discussed in this blogpost.

Department of Defense’s Interim Rule Imposes New Assessment Requirements But is Short on Detail on Implementation of CMMC

On September 29, 2020, the Department of Defense (DoD) released an interim rule that industry hoped would provide clear guidance with regard to DoD’s implementation of its Cybersecurity Maturity Model Certification (CMMC) framework.  The vast majority of the rule focuses on DoD’s increased requirements for confirming that contractors are currently in compliance with all 110 security controls in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 (NIST 800-171).  The interim rule also includes a clause for adding CMMC as a requirement in a DoD contract, but the clause fails to address many of the questions that industry has with regard to implementation of the CMMC program.  The rule becomes effective November 30, 2020.  We have written previously on NIST 800-171 and the CMMC here and here respectively.

DoD has been focused on improving the cyber resiliency and security of the Defense Industrial Base (DIB) sector for over a decade.  The Council of Economic Advisors estimates that malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016.  The interim rule is one of multiple efforts by DoD focused on the broader supply chain security and resiliency of the DIB and builds on existing FAR and DFARS clause cybersecurity requirements.  Increasing security concerns coupled with recent high-profile data breaches have led DoD to move beyond self-certification to auditable verification systems when it comes to protecting sensitive Government information.


President Trump Issues Executive Order Prohibiting “Divisive Concepts” in Federal Contractor Trainings

On September 22, 2020, President Trump issued the Executive Order on Combating Race and Sex Stereotyping (“EO”) establishing requirements aimed at “promoting unity in the Federal workforce,” by prohibiting workplace training on “divisive concepts,” including “race or sex stereotyping” and “race or sex scapegoating” as newly-defined in the EO.  The EO is broadly applicable to executive departments and agencies, Uniformed Services, Federal contractors, and Federal grant recipients.  The EO expands on a letter issued in early September by the Director of the Office of Management and Budget (“OMB”) that directed all agencies to begin to identify contracts or other agency spending on trainings that include “critical race theory,” “white privilege,” or “un-American propaganda,” in an effort to ensure “fair and equal treatment of all individuals in the United States.”

Following the EO, on September 28, 2020, OMB issued a Memorandum for the Heads of Executive Departments and Agencies (the “Memo”) with additional guidance aimed at assisting agencies in identifying diversity and inclusion trainings for agency employees that may be subject to the EO.  The Memo suggests that agencies conduct keyword searches of training materials for specific terms, such as “intersectionality,” “systemic racism,” and “unconscious bias.”  Although the Memo primarily explains the terms of the EO, it also provides additional insight concerning the breadth of agency trainings that may ultimately be considered to violate the terms of the EO, which are described below.

Although the EO is likely to be subject to legal challenge (as more fully discussed below), federal contractors, including subcontractors and vendors, could be subject to the compliance requirements outlined below as soon as November 21, 2020.

New Section 889 Restrictions Included in Updated Uniform Guidance Regulations from the Office of Management and Budget

On August 13, 2020, the Office of Management and Budget (OMB) released new revisions to its Guidance for Grants and Agreements set forth under 2 CFR (commonly referred to as the Uniform Guidance).  The Uniform Guidance governs the terms of federal funding issued by agencies, including grants, cooperative agreements, federal loans, and non-cash assistance awards.  This includes federal awards to state and local government agencies, which are generally required to flow down certain provisions of the Uniform Guidance to organizations that they contract with.  Accordingly, the guidance is relevant both when an organization receives funding directly from the Government and when an organization receives funding from a federally funded state or local program.

Among other notable changes to the Uniform Guidance is the implementation of Section 889(b) of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 through the addition of 2 CFR § 200.216, which prohibits federal award recipients from using loan or grant funds to enter into contracts (or to extend or renew contracts) with entities that use covered telecommunications equipment or services.[1]  Because of its impact on state and local procurements, as well as on billions of dollars in other federal funding distributed to agencies, this is expected to significantly expand the reach of the Section 889 statutory prohibition, which we have covered in several other prior blog posts.

OMB’s guidance is somewhat contradictory with regard to the implementation of Section 889 in the Uniform Guidance.  On the one hand, the preamble states that new section, 2 CFR § 200.216, is intended to “prohibit Federal award recipients from using government funds to enter into contracts (or extend or renew contracts) with entities that use covered telecommunications equipment or services.”  Further, OMB states that “[t]his prohibition applies even if the contract is not intended to procure or obtain, any equipment, system, or service that uses covered telecommunications equipment or services” indicating that OMB intended for the restrictions to apply to telecommunications equipment or services used by an entity even if that entity is providing non-connected commodities.

On the other hand, the actual language in 2 CFR § 200.216 does not refer to a restriction on entering into contracts with entities that use covered telecommunications equipment and services.  Rather, the prohibition in section 200.216 is limited to the use of federal funds to procure or contract for covered telecommunications equipment or services.  The regulatory prohibition, which closely mirrors the statutory language in Section 889(b)(1) states:

Recipients and subrecipients are prohibited from obligating or expending loan or grant funds to:

(1) Procure or obtain;

(2) Extend or renew a contract to procure or obtain; or

(3) Enter into a contract (or extend or renew a contract) to procure or obtain equipment, services, or systems that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system.

Thus, although the preamble indicates a broader intention, the actual regulatory language appears to impose only the limitations of Section 889(a)(1)(A) on recipients.  Similarly, although not entirely clear, the language of the statute can be read to limit the loan and grant fund prohibition to Part A’s procurement ban.  In addition, 2 CFR § 200.216 also does not appear to prohibit the procurement or use of covered telecommunications equipment or services where the equipment or services is purchased using non-federal funds.

Consistent with this approach, the new guidance clarifies that telecommunications and video surveillance costs associated with purchases prohibited by 2 CFR § 200.216 are unallowable.  (2 CFR § 200.471.)  In recognition of the costs associated with complying with the prohibitions on covered technology and the importance of ensuring users continue to have access to communications services, the Uniform Guidance requires federal awarding agencies to work with OMB to prioritize funding and technical support to assist affected businesses, institutions, and organizations.  The funds should be prioritized as “reasonably necessary” to help affected entities transition from covered technologies to replacement technologies.

Recipients of federal funds should be mindful of the new prohibitions contained in 2 CFR § 200.216 and ensure that they are appropriately segregating their costs going forward, particularly as compliance with the new provision will almost certainly be closely evaluated by auditors, awarding agencies, and pass-through entities alike.  Entities that contract with state and local governments will need to be mindful of the new requirements and may begin to see in the short term new contract language incorporating the requirements of 2 CFR § 200.216 from state and local agencies where federal funds are being used, such as state and local transportation projects which commonly receive funding from the Federal Transit Administration.

[1] Other notable changes to the regulations not discussed in depth in this post include, among others: (i) expanding the ability of award recipients to elect use of a de minimis 10% indirect cost rate even where they have previously held Negotiated Indirect Cost Rate Agreements with federal agencies (2 CFR § 200.414); (ii) expanding the definition of fixed amount awards to allow Federal awarding agencies to apply the provision to both grant agreements and cooperative agreements (2 CFR § 200.201); (iii) making technical clarifications to key definitions within the regulations such as “recipient,” “subsidiary,” and “period of performance” (2 CFR § 200.201); and (iv) raising the micro-purchase threshold to $10,000 and the simplified acquisition threshold to $250,000, as well as allowing recipients to request approval to operate under a micro-purchase threshold in excess of $10,000 (2 CFR § 200.320).

[Updated] If the Acting DHS Secretary Was Unlawfully Selected, What Does that Mean for DHS Procurements?

The Government Accountability Office (“GAO”) released a decision on Friday finding that the Department of Homeland Security (“DHS”) followed the wrong order of succession after Secretary Kirstjen Nielsen resigned in April 2019.  As a result, the Acting Secretaries who have served since then were invalidly selected.  In particular, GAO has questioned the appointments of Acting Secretary Chad Wolf, former Acting Secretary Kevin McAleenan, and Deputy Secretary Kenneth Cuccinelli.

GAO’s decision tees up a thorny question for DHS contractors:  If these officials were invalidly selected, what does it mean for the agency’s policies and procurement decisions made during their tenure?
