A call for swift action on Safety Act protections

Liability protections for sellers of anti-terrorism technologies are not being implemented quickly enough, U.S. Rep. Tom Davis told Department of Homeland Security officials at a hearing he held Friday.

The liability protections are laid out in the Safety Act, part of the Homeland Security Act of 2002. The Safety Act limits the liability of sellers of qualified anti-terrorism technologies if a terrorist attack occurs, and the sellers' products or services fail through no fault of the seller.

Technology companies have been eagerly awaiting a rule that governs implementation of the act and an application form that they can use to apply for protection. Those two items became available this week.

"We're fighting a war on terror. If we're going along as business as usual, we're not going to get the technology products out there that we need. We have companies out there screaming and not knowing what is going on," Davis, chairman of the House Government Reform Committee and a Virginia Republican, told department officials.

Department official Parney Albright said he agreed that anti-terrorism technologies need to be protected under the act as quickly as possible, but said the process of implementing the Safety Act has already been far shorter than a typical government rulemaking.

The Safety Act became law in November 2002. The process implementing the act has taken seven months so far, from proposed rule to interim rule to published application form, said Albright, the department's assistant secretary for science and technology. He said the final rule should be published within three months.

The rulemaking process usually takes 18 to 24 months, Albright said.

"This is not a situation where we want to act as business as usual," Albright said. "I'm proud of the fact that the department has gotten an extremely lengthy process condensed to seven months."

Albright said the department has gotten a very small number of applications for protection so far, and has no way of knowing how many it will receive. But, he added, "We hear anecdotally there is this pent-up demand" for liability protection.

Harris Miller, president of the Information Technology Association of America, said members of the Arlington, Va., trade group are pleased with the department's "overall positive approach," but are concerned about how the department is implementing the act.

Miller said technology company executives are concerned that the department doesn't have a process for prioritizing applications for Safety Act protection, and that the department is requiring too much information on the application form. Miller said the department should first review applications for technologies where procurements are already underway, and for technologies that fulfill department priorities.

He said the department is asking for "extremely detailed financial information that we don't think is necessary for DHS to have. The kind of information they require would take an econometrist months to analyze."

The application requirements include three prior years of cost and revenue data for the technology, and projections for cost and revenue three years into the future. Applicants are also required to provide past and future capital and project-related spending necessary to deploy the technology. Additional requirements include a wealth of insurance and technical data.

ITAA members estimate it could take 1,000 hours to fill out the application for Safety Act protection. Albright said the department estimated the application would take about 100 hours to fill out.

"We don't think it's burdensome," Albright said. "We've asked for the minimum amount of information necessary to do what Congress asked us to do."

However, he said the department would try to change the form if it proves unworkable.

"If it turns out the balance between the burden on the seller and our ability to do due diligence has gotten out of whack, we will be the first to try to fix that," Albright said.