Industry questions DHS liability plan

Seeks better safeguards to protect company information

Safety Act FAQs

What is the Safety Act?

The Support Antiterrorism by Fostering Effective Technologies Act, or Safety Act, was included in the Homeland Security Act of 2002, the legislation that created the Department of Homeland Security. The act provides limited liability protection to companies supplying "qualified anti-terrorism technologies" to federal, state and local governments, as well as commercial enterprises, in the event that an act of terrorism jeopardizes operation of those technologies.

Why is there a Safety Act?

IT firms said they could not get enough insurance to cover their potential multimillion- or multibillion-dollar losses from lawsuits resulting from a technology failure. Without protection, they said they would be unlikely to offer the government homeland security solutions.

What is new?

An interim rule implementing the Safety Act was published Oct. 16 in the Federal Register and at Homeland Security is asking for comments on the interim rule by Dec. 15. Comments may be submitted at or

The application for Safety Act protection was published Oct. 16 at

How will it work?

According to the interim rule, Homeland Security will consider pre-applications within 21 days of receipt. The department's response will indicate whether the technology solution is promising, doubtful or uncertain.

Applicants can use the department's preliminary review to improve their application. Once an official application is received, it will be processed within 150 days "unless we get flooded with applications," said department official Parney Albright. The department will approve or deny protection under the act, or ask for more information, he said.

The department is asking for "extremely detailed financial information that we don't think is necessary for DHS to have." ? Harris Miller of ITAA

Henrik G. de Gyor

The department is asking for "the minimum amount of information necessary to do what Congress asked us to do." ? Parney Albright of DHS

Henrik G. de Gyor

Kent Blossom of IBM Corp. is one of many company officials concerned over product and service information DHS wants in order to grant liability protection.

Olivier Douliery

The government's plan for giving limited liability protection to homeland security products and services is coming under fire from contractors and some lawmakers, who said the government is unnecessarily requesting detailed information about the companies and their products.

Government contractors also expressed concern about how well the Homeland Security Department, which oversees the limited liability program, will safeguard proprietary company information.

The department Oct. 16 released the application form that companies would use to apply for protection. Comments are due Dec. 15 on an interim rule that details how the protections will be implemented.

Harris Miller, president of the Arlington, Va.-based Information Technology Association of America, said the department is asking for "extremely detailed financial information that we don't think is necessary for DHS to have. The kind of information they require would take an econometrist months to analyze."

The Safety Act, part of the Homeland Security Act of 2002, limits the liability of sellers of qualified anti-terrorism technologies if a terrorist attack occurs and the sellers' products or services fail through no fault of their own.

When companies apply for protection, Homeland Security officials will determine if their technologies merit liability protection and what level of insurance the companies should be required to carry.

Industry executives said that, in some cases, companies have been reluctant to sell their technologies to the government without liability protection. They said Safety Act protection is needed to defend their firms from financial ruin if their technologies fail because of a terrorist attack.

A day after the form was published at, Rep. Tom Davis, R-Va., complained that Homeland Security Department officials had not finalized the application process more quickly.

"We're fighting a war on terror. If we're going along as business as usual, we're not going to get the technology products out there that we need. We have companies out there screaming and not knowing what is going on," Davis told department officials at an Oct. 17 hearing of the House Government Reform Committee.

[IMGCAP(2)]DHS official Parney Albright told Davis he agreed that anti-terrorism technologies must be protected under the act as quickly as possible, but said implementing the Safety Act has been swifter than a typical 18 to 24 month government rule-making.

The Safety Act became law in November 2002. The process of implementing the act has taken seven months so far, from proposed rule to interim rule to published application form. Albright, the department's assistant secretary for science and technology, said the final rule should be published within three months.

"This is not a situation where we want to act as business as usual," Albright said. "I'm proud of the fact that the department has gotten an extremely lengthy process condensed to seven months."

But now that the application has been published, industry executives said they have new fears:

  • That the Department of Homeland Security is asking for too much company data that is either proprietary or nonexistent;

  • That the application will take hundreds -- or even thousands ? of hours to fill out;

  • That sensitive information about their technologies and company finances will not be adequately safeguarded.

At the Oct. 17 hearing, industry and Homeland Security officials seemed so far apart in their evaluations of the application process that Rep. Ed Schrock, R-Va., said the department seems "on a different planet."

At the hearing, Albright said the information DHS requested about the cost of the technology should be readily available to applicants. In interviews and at the hearing, industry executives said in many cases it is not.

[IMGCAP(3)]The department is asking for extremely detailed profit and loss information on a unit-by-unit basis for covered products and services, said Kent Blossom, director of safety and security services for Armonk, N.Y.-based IBM Corp.

"That type of information may be available from companies that strictly make widgets, but in many cases, companies are going to be applying for or looking at a complex, system-integration services program as a total solution. That doesn't necessarily lend itself to a financial analysis seeking minute, product-oriented detail," he said.

Albright said the application for Safety Act protection should take about 108 hours to complete. He said the department is asking for "the minimum amount of information necessary to do what Congress asked us to do."

But Miller testified that ITAA members estimated the application would take 1,000 hours to complete.

The application requirements include three previous years of cost and revenue data for the technology, and projections for cost and revenue three years into the future. Applicants are also required to provide past and future capital and project-related spending necessary to deploy the technology.

Additional requirements call for an insurance evaluation, including coverage levels and expenditures, loss history and risk management plan; and a technical evaluation, including a description of the technology, what it will do, how it will be used, an assessment of its effectiveness and the risk to the public if the technology is not deployed.

Industry executives also said they're afraid Homeland Security officials won't be able to protect the proprietary information they'll have to submit in the application.

"While the department continues to make strong statements recognizing the importance of protecting proprietary data, it remains to be seen how that protection will be provided," said Stan Soloway, president of the Professional Services Council, an Arlington, Va., trade group. He recommended that department officials develop proprietary data marking, by which applicants could highlight the parts of their applications they consider proprietary.

Albright said Homeland Security officials believe legal protections for proprietary data and national security information, such as the Freedom of Information Act and the Trade Secrets Act, will be enough to preserve applicants' sensitive data.

At a DHS seminar on the Safety Act this month in Washington, department official Holly Dockery, DHS director of Safety Act implementation, told industry attendees that everyone who touches the applications will be bound by nondisclosure agreements and conflict of interest restrictions.

And Albright said department officials are still discussing the protection of proprietary data. "Should we find we need more protection, we'll work with Congress to make that happen," he said.

Despite their concerns, executives said they're fairly pleased with the department's efforts to implement the act. Now they're hoping for some changes.

"We've had extensive discussions with DHS, and I think the department has made significant progress, but we've got significant hurdles to overcome to bring these products to market," Soloway said.

And although Albright said department officials don't think the application process is burdensome, he said the department would try to change the application form if it proves unworkable.

"If it turns out the balance between the burden on the seller and our ability to do due diligence has gotten out of whack, we will be the first to try to fix that," he said. "We really want this to work."

Staff Writer Gail Repsher Emery can be reached at

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here

Washington Technology Daily

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.


contracts DB