SAFETY Act Protection Comes With a Killer Ap The Homeland Security Department has begun accepting applications for approval as “qualified anti-terrorism technologies,” a designation that will offer contractors limited liability protection. But industry representatives say the application is a burdensome monster that requires companies to disclose too much proprietary information. The department estimated it would take from 36 to 180 hours to fill out the application. But Harris Miller, president of the Information Technology Association of America, declared, “Our companies are looking at these applications and thinking it may be closer to 1,000 hours.” “We don’t think it’s burdensome,” said Parney Albright, DHS assistant secretary for science and technology. “We’ve asked for the minimum amount of information necessary to do what Congress asked us to do.” He said the department has created a pre-application process to allow companies to test the waters, submitting enough information to get a preliminary reading on whether their product or service is likely to qualify for designation. The House Government Reform Committee held a hearing on implementation of the SAFETY Act Oct. 17. The act, part of the law creating the Homeland Security Department, gives the secretary the responsibility for approving qualified anti-terrorism technologies. Sellers of the approved technologies would be granted limited protection from product liability lawsuits. Among other things, they would be allowed to use the “government contractor defense.” That defense generally shields a company from liability as long as it supplies a product that meets government specifications and does not conceal any defects or other safety problems. Miller said the application requires “incredibly extensive financial information…which we don’t think is necessary.” Department officials say the financial details are needed to determine, for example, whether the company can buy liability insurance at a reasonable cost; the SAFETY Act is designed to protect companies that cannot get adequate insurance. “In many cases, insurance has become largely unobtainable or so costly as to leave the technologies in question without a market,” Albright testified. “It is hardly surprising that companies are unwilling to bet their existence by developing and deploying services and products in this uncertain climate.” But there are questions about how much insurance a company will be required to carry to qualify for SAFETY Act protection. In announcing the interim rule, the department said, “The Secretary does not intend to set a `one-size-fits-all’ numerical requirement regarding required insurance coverage for all technologies.” Instead, it said each technology will be evaluated individually. Miller, speaking for IT contractors, said, “I fear that when it comes to insurance we may have come full circle here in a way that no one intended, and in a way that ultimately will defeat the purpose of the SAFETY Act.” He said the interim rule requires that, if a company cannot get adequate insurance, it must self-insure up to a set limit of liability. DHS will call upon a wide-ranging network of scientists and engineers to evaluate applications, including offices in the Defense Department, national laboratories and universities. The goal is to turn applications around within 150 days. However, Albright said there is no appeal if an application is denied; the Homeland Security secretary has the final word. An outside appeal “would leave us open, frankly, to capriciousness or second-guessing,” he told the committee. In addition, there is the murky issue of which technologies will qualify for certification if they are already on the market. Albright said existing products and services are not automatically eligible, since the fact that they are already in use may mean they don’t need the law’s special protection. Albright said the department is asking for three kinds of information to decide whether to approve applications: “Technical – Does the technology work? Does it provide useful levels of performance in scenarios of interest? Is it mature enough for near-term deployment? “Threats addressed – What specific threats does the technology address? What is the level of risk exposure to the public if the technology is not deployed? “Economic and actuarial – How does the risk of liability affect demand for the product or its deployability? What are the liability risks?” But industry representatives said the application asks for too many technical details. “The information submitted to the agency will necessarily contain very sensitive confidential and proprietary ... information,” said John Clerici, a Washington lawyer representing the U.S. Chamber of Commerce. “Without assurances of confidentiality, the need to supply this information alone will likely deter sellers.” Albright said he has no idea how many applications to expect – “I couldn’t tell you if we’re going to get 50 or 500 or 5,000" – but added that he believes there is a lot of “pent-up demand” for the department’s certification. Committee Chairman Tom Davis (R-VA) questioned how the department will set priorities for dealing with a flood of applications. “I urge DHS to make as its number one priority the identification, prioritization and qualification of existing anti-terrorism technologies that are now being sought by federal and non-federal entities,” he said. “It is imperative that we protect the highest priority facilities and critical infrastructures in high risk locations.” ITAA’s Miller said the department should give priority to procurements that are already underway and to technologies that the department considers most urgent. The interim rule is FR Doc 03-26217, published in the Oct. 16 Federal Register. Comments are due by Dec. 15.