Caught in the act

Legislation designed to encourage the private sector to develop and sell new anti-terrorism technologies could have the opposite effect, federal information technology vendors say.

When lawmakers passed the Support Anti-terrorism by Fostering Effective Technologies Act of 2002 — better known as the Safety Act — they intended for the legislation to shield companies from liability lawsuits if their products fail during a terrorist attack.

Homeland Security Department Secretary Michael Chertoff said he wants more companies to take advantage of Safety Act protections. But an arcane and burdensome application process, overly restrictive acceptance criteria and a lack of understanding of procurement practices are discouraging many companies from using the act's protections, said Jennifer Kerber, director of homeland security for the IT Association of America.

According to a National Defense Industrial Association survey in fall 2004, a quarter of responding companies said they passed up chances to bid on contracts because they would not have received Safety Act protection by the time they had won the work.

NDIA and the Professional Services Council concluded in a joint letter to top DHS officials last December that "the absence of an effective and credible route to Safety Act protection, particularly in the context of important government procurements, is depriving the government and the public from receiving offers from the broadest possible array of companies with the potential capability to supply the best products and services for combating terrorism."

Stan Soloway, council president, and Lawrence Farrell Jr., NDIA's president and chief executive officer, co-signed the letter.

DHS officials contend that the department is adequately ensuring that as many technologies as possible receive Safety Act protections. "The purpose of the office is to spur and speed counterterrorism technologies to market, but there is a bar that must be reached," said Donald Tighe, a spokesman for DHS' Science and Technology Directorate, which oversees the Office of Safety Act Implementation.

Companies get protection under the Safety Act through a two-part process, Soloway said. The first is designation, in which DHS officials recognize that a particular product or service has anti-terrorism uses. The second is certification, in which DHS accepts that a specific use of designated products or services merits liability protection.

In the past three years, the Office of Safety Act Implementation has received 218 preapplications, in which companies can probe their chances of success, said Wendy Howe, the office's director. It has received 106 completed applications, and employees are in the process of reviewing 55, she said.

Only seven companies have Safety Act designation, while 16 have been certified, Howe said.

A major reason why companies submit so few applications is that the process is cumbersome, Soloway said. Many companies can't afford to spend months completing an application, he said.

Rapiscan Systems, an Arlington, Va.-based company that develops and sells X-ray machines, metal detectors and similar equipment, started three Safety Act applications more than a year ago, said Peter Kant, the company's vice president of government affairs. The company needed seven months to complete them, and DHS officials followed up with several rounds of additional questions, Kant said. Five months have passed, and he's still waiting for word from DHS on whether the company is protected from liability lawsuits.

The review process can take 150 days or longer, Howe said. Applicants often lengthen the process because they take an average of 62 days to respond to questions from DHS reviewers, she added.

A common complaint about the Safety Act is that DHS' default position toward applications is to reject them, according to the joint letter to DHS. The Safety Act office rejects technologies that are already in use without protection and those that would only be used if they had legal protection under the Act. Companies lose Safety Act protection if they alter their products, which stymies product development and improvements, Soloway and Farrell wrote in the letter to DHS officials.

The Safety Act office also allows members of academia to review applications, Kerber said. Many industry officials worry that university reviewers, unfamiliar with business confidentiality requirements, may leak sensitive proprietary information, she said.

The reviewers are all qualified representatives from government, industry and academia, Howe said.

A complicated application thwarts the purpose of the act, which is to distribute as much of the best new technology as possible, said David Bodenheimer, who specializes in government contracts and homeland security at Crowell and Moring, a Washington, D.C., law firm. A good application would prove that a technology works and could improve security, he said.

Cautious decision-making plays a role in slowing Safety Act implementation, Bodenheimer said. Many companies don't want DHS to know that they are upset with the Safety Act because they want to be approved for it. And they are afraid to market new technologies without its protections, he said.

Bodenheimer said the Safety Act office may have such large application and low approval rates to protect itself from criticism in case an approved technology fails.

In addition to simplifying the application, another way to speed Safety Act certification would be to tie it to procurement, Soloway said. "DHS should be able to use the initial procurement process to deal with many designation requirements," he said.

But "it has been a Herculean effort for us to get [DHS' Science and Technology Directorate] to see the relationship between the Safety Act and procurement," Kerber said. The Safety Act office sees the application process as an academic exercise and technical assessment, while industry sees it as a government procurement certification, she said.

Some industry efforts seem to be working. The Safety Act office has developed a training program to help application reviewers understand the act's judgment criteria and how it relates to the federal procurement process, Howe said. Applicants can notify the office that they wish to participate in a pending procurement. The office has an expedited review process for those applicants, she said.

Changes are coming for the Safety Act. But they might not significantly increase the numbers of applications or approval from industry. The House appropriations bill for fiscal 2006 includes Safety Act provisions and would give more money to the office to streamline its procedures, Kerber said.

The Safety Act office has incorporated industry concerns and its own observations about the application process into a new application that DHS officials are reviewing, Tighe said. No deadline has been set for the new application's release, he added.

The Safety Act office has reached out to other federal agencies to ask them to insert Safety Act considerations into their procurement notices, Howe said.

Companies are hopeful that a fast-track application process for existing technologies will help more of them get certified, Kant said. In the meantime, he said, "we're holding back on issuing new technologies and putting them on the market because we're concerned that the liability protections promised in the Safety Act have not been realized."