Category: Military Law

Department of Defense Issues Final CMMC Rule

On October 11, 2024, the Department of Defense (“DoD”) issued the first part of its final rule establishing the Cybersecurity Maturity Model Certification (“CMMC”) program. As expected, the final rule requires companies entrusted with national security information to implement cybersecurity standards at progressively advanced levels, (CMMC level 1CMMC level 2, and CMMC level 3) depending on the type and sensitivity of the information. While the final rule largely tracks the proposed rule issued in December 2023, we outline below several notable updates DoD included in the final rule and their potential impacts on DoD contractors.

Updated Implementation Timeline

DoD extended the timeline for CMMC implementation. DoD will now roll out the CMMC program in a four-phased approach:

  • Phase 1 will begin in early to mid-2025 when DoD finalizes the second part of its CMMC rule under 48 C.F.R. Part 204. Once that rule is finalized, DoD will begin including CMMC level 1 and CMMC level 2 self-assessment requirements in new solicitations. That is, while DoD contractors will not need to obtain a CMMC certification by Phase 1, they will need to self-assess and affirm compliance with CMMC level 1 and/or level 2 security requirements when competing for new DoD contracts.
  • Phase 2 will begin one year after the start of Phase 1 (~early to mid-2026). During Phase 2, DoD will begin including CMMC level 2 certification requirements in applicable solicitations. Contractors who expect to bid on solicitations requiring a CMMC level 2 certification should plan to obtain that certification by early 2026 to avoid losing out on DoD opportunities.
  • Phase 3 will begin one year after the start of Phase 2 (~early to mid-2027). During Phase 3, DoD will begin requiring contractors to meet the CMMC level 2 certification requirements as a condition to exercise option periods on applicable contracts awarded after the effective date of the CMMC rule. DoD will also begin including CMMC Level 3 requirement in applicable solicitations.
  • Phase 4 will begin one year after the start of Phase 3 (~early to mid-2028). During Phase 4, DoD will include CMMC program requirements in all applicable CMMC solicitations and as a condition to exercise option periods on applicable contracts regardless of when they were awarded.

Narrower Assessment Scope for Security Protection Assets

The final rule narrows the assessment scope for contractors’ Security Protection Assets (“SPA”). Under the proposed rule, certain contractor assets that provide security functions or capabilities (i.e., SPAs) for the protection of controlled unclassified information (“CUI”) had to meet all security requirements of CMMC level 2. The final rule reduces that assessment scope so now SPAs only need to be assessed against “relevant” security requirements. This change should reduce the regulatory burden on contractors because they will no longer need to show how SPAs meet CMMC security requirements that are not applicable to the SPAs being assessed.

External Service and Cloud Service Providers

The final rule provides greater clarity as to when External Service Providers (“ESPs”) are within the scope of a contractor’s CMMC assessment. Under the final rule, if an ESP deals with CUI, then it must be assessed against all CMMC level 2 security requirements and must obtain a CMMC level 2 assessment or certification. By contrast, ESPs that only deal with security protection data (“SPD”)—data used to protect a contractor’s assessed environment—are subject to a more limited assessment and do not require a full CMMC level 2 assessment or certification. A service provider that does not deal with CUI or SPD does not meet the CMMC definition of ESP and presumably is outside the scope of any CMMC assessment.

For Cloud Service Providers (“CSPs”) dealing with CUI, the final rule tracks current DoD security requirements, which require CSPs to meet security requirements equivalent to the FedRAMP moderate baseline. Like with ESPs, CSPs that only deal with SPD are subject to a more limited assessment and CSPs that do not deal with CUI or SPD are outside of the CMMC scope.

© 2024 Blank Rome LLP

Nineteen States Have Banned TikTok on Government-Issued Devices

Governors of numerous states have issued Executive Orders in the past several weeks banning TikTok from government-issued devices and many have already implemented a ban, with others considering similar measures. There is also bi-partisan support of a ban in the Senate, which unanimously approved a bill last week that would ban the app from devices issued by federal agencies. There is already a ban prohibiting military personnel from downloading the app on government-issued devices.

The bans are in response to the national security concerns that TikTok poses to U.S. citizens [View related posts].

To date, 19 states have issued some sort of ban on the use of TikTok on government-issued devices, including some Executive Orders banning the use of TikTok statewide on all government-issued devices. Other state officials have implemented a ban within an individual state department, such as the Louisiana Secretary of State’s Office. In 2020, Nebraska was the first state to issue a ban. Other states that have banned TikTok use in some way are: South Dakota, North Dakota, Maryland, South Carolina, Texas, New Hampshire, Utah, Louisiana, West Virginia, Georgia, Oklahoma, Idaho, Iowa, Tennessee, Alabama, Virginia, and Montana.

Indiana’s Attorney General filed suit against TikTok alleging that the app collects and uses individuals’ sensitive and personal information, but deceives consumers into believing that the information is secure. We anticipate that both the federal government and additional state governments will continue to assess the risk and issue bans on its use in the next few weeks.

Copyright © 2022 Robinson & Cole LLP. All rights reserved.
For more Cybersecurity Legal News, click here to visit the National Law Review.

Not Ship Shape: SEC Sues Retired Chief Petty Officer for Fraudulent Offerings to Navy-Related Victims

The U.S. Securities and Exchange Commission (“SEC”) Office of Investor Education and Advocacy (“OIEA”), which dates from last century, is concerned with explaining aspects of the capital markets for “Main Street” investors and warning them against potential risks and fraud schemes. On Sept. 25, 2017, the Commission announced the formation of the Retail Strategy Task Force (“RSTF”) in its Division of Enforcement. Its purpose is to consider and implement “strategies to address misconduct that victimizes retail investors,” according to the SEC Press Release issued that day. A primary focus area of the OIEA and RSTF is so-called “affinity investments,” i.e., investment offerings aimed at groups such as churches, ethnic communities, college alumni groups, etc.

On Wednesday, July 27, 2022, the SEC filed suit in the Federal Court for the Northern District of Ohio, Eastern Division, against Robert F. Murray, 42, a retired U.S. Navy Chief Petty Officer residing in North Canton, Ohio, for conducting an unregistered offering of securities in Deep Dive Strategies, LLC, an Ohio private pooled investment fund (the “Fund”). Murray controlled the Fund and acted as investment adviser, telling investors the fund would invest in publicly traded securities. Murray marketed the offering through a Facebook group “with over 3500 active duty, reservists and veterans of the U.S. Navy who shared an interest in investing,” according to the Complaint. Most certainly an “affinity” group. Murray also created “a channel on the Discord social media platform where he live-streamed his trading activity and posted trading advice with a focus on options.”

The Fund was organized in September 2020 and solicited investors through February 2021. Although Murray told investors they could change their minds within 15 days and get their money back, in fact he “almost immediately began spending Fund money on personal expenses.” He transferred monies to his personal checking account and even withdrew cash from the Fund, so by February 2021, $148,000, or approximately 42% of the $355,000 invested by the unsuspecting “Goats” (a nickname for the Navy affinity group), had been “misappropriated” (i.e., stolen) by Murray. By March 2021 he had ceased regular communication with the Goats and failed to respond to requests to redeem “invested” dollars. Some of that misappropriated money was lost gambling at casinos in Cleveland and elsewhere in the Midwest.

Murray provided potential investors with both a Disclosure Statement and a copy of the Fund’s Operating Agreement, and the Complaint identifies several material misstatements and omissions in the two documents. In addition, Murray made oral material misstatements and omitted material information when speaking with potential and actual investors. In fact, Murray lost most of the Fund’s brokerage account on Jan. 13, 2021, when GameStop options purchased in the account saw their value plummet. In that connection see my Feb. 2, 2021, Blog “Rupture Rapture: Should the GameStop?” When the SEC began investigating Murray and the Fund, he asserted his Fifth Amendment rights and declined to answer questions.

In the Complaint, the Commission charges Murray with seven different securities law violations, each set out in a separate Count as follows:

  1. Violation of Section 10(b) of the Securities Exchange Act of 1934, as amended, and Rule 10b-5 thereunder by using devices, making untrue statements, and misleading omissions, and engaging in a business which operate as a fraud on securities purchasers.
  2. Violation of Section 17(a)(1) of the Securities Act of 1933, as amended (the “33 Act”), by offering and selling securities by means of interstate commerce using devices to defraud.  Violations of the 33 Act can be proven without the need to prove scienter (broadly, intent).
  3. Violation of Section 17(a)(2) of the 33 Act by obtaining money or property in connection with the sale of securities by means of untrue statements of material facts and making misleading omissions, engaging in transactions which operate as a fraud on the purchaser, where Murray was at least negligent in engaging in these activities.
  4. Violation of Sections 5(a) and 5(c) of the 33 Act by selling securities without the offering being registered (or exempt from registration), and with the use of a prospectus where the offering was not registered.
  5. Violation of Section 206(1) of the Investment Advisers Act of 1940, as amended (the “40 Act”) by acting as an investment adviser using devices to defraud clients and prospective clients.
  6. Violation of Section 206(2) of the 40 Act by acting as an investment adviser engaging in transactions which operate as a fraud on clients and prospective clients.
  7. Violation of Section 206(4) of the 40 Act and Rule 206(4)-8 thereunder by acting as an investment adviser to a pooled investment vehicle, making untrue statements of material fact and making misleading omissions and engaging in acts that are fraudulent with respect to investors in the pooled investment vehicle.

The SEC seeks entry of findings by the Court of the facts cited in the Complaint and of conclusions of law that concur with the Commission’s assertions of violations. In addition, the SEC seeks entry of a permanent injunction against future violations of the cited securities laws; an order requiring disgorgement of all Murray’s ill-gotten gains plus prejudgment interest; an order imposing a civil penalty of $1,065,000; and an order barring Murray from serving as an officer or director of any public company.

Murray preyed on his fellow Naval servicemen in violation of the unspoken understandings of the “Goats,” that a fellow Navy NCO would not seek to take financial advantage of them. That is why the SEC’s July 28, 2022, Press Release reporting this matter includes an express warning from the OIEA and the RSTF not to make “investment decisions based solely on common ties with someone recommending or selling the investment.” One wonders whether, if the Goats were to catch up with Murray, he would be keelhauled.

Article By Peter D. Hutcheon of Norris McLaughlin P.A.

For more securities and SEC legal news, click here to visit the National Law Review.

©2022 Norris McLaughlin P.A., All Rights Reserved

AUVSI and DOD’s Defense Innovation Unit Announce Collaboration for Cyber Standards for Drones

The Association for Uncrewed Vehicle Systems International (AUVSI), the world’s leading trade association for drones and other autonomous vehicles, announced a collaboration with the Department of Defense’s (DOD) Defense Innovation Unit (DIU) to further commercial cyber methodologies to design a shared standard. AUVSI’s effort is meant to expand the number of vetted drones that meet congressional and federal agency drone security requirements.

This pilot program would extend relevant cyber-credentialing across the U.S. industrial base and assist the DOD and other government entities in streamlining and accelerating drone capabilities across the board. Overall, this collaboration will help make the drone industry more secure. The program will work with numerous cybersecurity firms to conduct technical cyber assessments before the DIU, DOD, and other government entities conduct additional vetting as necessary.

Currently, the Blue UAS (Unmanned Aircraft Systems) Cleared List has 14 drones on it and 13 more drones are scheduled to be added. The Blue UAS Cleared List is routinely updated and contains a list of DOD-approved drones for government users. These drones are section 848 FY20 NDAA compliant, validated as cyber-secure and safe to fly, and are available for government purchase and operation. However, even with these additions, the demand for additional cleared drones with new capabilities and technology has outpaced the DIU’s ability to scale the program. This collaboration seeks to close that gap and offer cybersecurity certification in close cooperation with the DIU. With off-the-shelf drones serving as critical tools to help conduct diverse government operations, partnership with AUVSI and cybersecurity experts will make it easier for government users to use commercial technology and achieve effective operations in a secure manner.

Article By Kathryn M. Rattigan of Robinson & Cole LLP

For more cybersecurity and data privacy news, click here to visit the National Law Review.

Copyright © 2022 Robinson & Cole LLP. All rights reserved.

Implications of the Use of the Defense Production Act in the U.S. Supply Chain

What owners, operators and investors need to know before accepting funds under the DPA

There has been an expansion of regulations related to Foreign Direct Investment (FDI) in both the United States and abroad. Current economic and geopolitical tensions are driving further expansion of FDI in the U.S. and elsewhere.

Whether by intent or coincidence, the Foreign Investment Risk Review Modernization Act (FIRRMA) regulations that took effect February 13, 2020, included provisions that expanded the Committee on Foreign Investment in the U.S. (CFIUS) and FIRRMA based upon the invocation of the Defense Production Act (DPA) – such as with President Biden’s recent Executive Order evoking the DPA to help alleviate the U.S. shortage of baby formula.

As background, the U.S. regulation of foreign investment in the U.S. began in 1975 with the creation of CFIUS. The 2007 Foreign Investment and National Security Act refined CFIUS and broadened the definition of national security. Historically, CFIUS was limited to technology, industries and infrastructure directly involving national security. It was also a voluntary filing. Foreign investors began structuring investments to avoid national security reviews. As a result, FIRRMA, a CFIUS reform act, was signed into law in August 2018. FIRRMA’s regulations took effect in February 2020.

It is not surprising that there are national security implications to U.S. food production and supply, particularly based upon various shortages in the near past and projections of further shortages in the future. What is surprising is that the 2020 FIRRMA regulations provided for the application of CFIUS to food production (and medical supplies) based upon Executive Orders that bring such under the DPA.

The Impact of Presidential DPA Executive Orders

The 2020 FIRMMA regulations included an exhaustive list of “critical infrastructure” that fall within CFIUS’s jurisdiction. Appendix A to the regulations details “Covered Investment Critical Infrastructure and Functions Related to Covered Investment Critical Infrastructure” and includes the following language:

manufacture any industrial resource other than commercially available off-the-shelf items …. or operate any industrial resource that is a facility, in each case, that has been funded, in whole or in part, by […] (a) Defense Production Act of 1950 Title III program …..”

Title III of the DPA “allows the President to provide economic incentives to secure domestic industrial capabilities essential to meet national defense and homeland security requirements.” This was arguably invoked by President Trump’s COVID-19 related DPA Executive Orders regarding medical supplies (such as PPEs, tests and ventilators, etc.) and now President Biden’s Executive Order related to baby formula (and other food production).

Based on the intent of FIRRMA to close gaps in prior CFIUS coverage, the FIRRMA definition of “covered transactions” includes the following language:

“(d) Any other transaction, transfer, agreement, or arrangement, the structure of which is designed or intended to evade or circumvent the application of section 721.”

Taken together, the foregoing provision potentially gives CFIUS jurisdiction to review non-U.S. investments in U.S. companies covered by DPA Executive Orders that are outside of traditional M&A structures. This means that even non-controlling foreign investments in U.S. companies (such as food or medical producers) who receive DPA funding are subject to CFIUS review. More significantly, such U.S. companies can be subject to CFIUS review for a period of 60 months following the receipt of any DPA funding.

As a result of DPA-related FDI implications, owners, operators, and investors should carefully assess the implications of accepting funding under the DPA and the resulting restrictions on non-U.S. investors in businesses and industries not historically within the jurisdiction of CFIUS.

Article By David Vance Lucas of Bradley Arant Boult Cummings LLP

For more administrative and regulatory legal news, click here to visit the National Law Review.

© 2022 Bradley Arant Boult Cummings LLP

Law Firms Respond to Russia’s Invasion of Ukraine: How the Legal Industry & the Public Can Help

On February 21, 2022, Russian President Vladimir Putin ordered ground troops into the eastern Ukrainian provinces of Donetsk and Luhansk. Invading under the guise of establishing independence for the region on February 24, Russia started bombing key points of interest around the country, including the capital city of Kyiv. At the time of writing, the skirmishes remain ongoing, with Russia expanding its invasion force as the days go on.

The ramifications of Russia’s war are widespread. In Ukraine, infrastructural damage is considerable, an estimated 2 million civilians are evacuating or have been driven from their homes. The death toll remains uncertain at this time, but the Ukrainian health ministry estimates that hundreds of citizens have been killed as a result of the violence. Globally, financial markets are in a state of rapid flux, seeing huge rises in inflation, a strained supply chain and plummeting stock prices.

Law firms in the United States and abroad have responded to the conflict by offering pro bono services in anticipation of resultant legal complications and organized means by which money can be donated to Ukrainian humanitarian efforts.

How Have Law Firms Responded to Russia’s Invasion of Ukraine?

In some instances, firms have also closed offices in Ukraine to protect workers, and severed ties with Russian businesses. Law firms that have closed offices in Ukraine include Dentons, CMS and Baker McKenzie, which have closed offices in Kyiv.

“Dentons has established a taskforce to monitor and manage the crisis situation, with a primary focus on protecting our people,”  Tomasz Dąbrowski, CEO of Dentons Europe, told the National Law Review“We are in regular contact with our team in Kyiv and are providing our colleagues and their families with any possible assistance, including transport, relocation and accommodation assistance in the neighboring countries. Furthermore, we have seen a wave of kindness and generosity from our people across Europe, who have volunteered to provide accommodation in their homes for Ukrainian colleagues.  Furthermore, in addition to the financial support our Firm is providing to our Ukrainian colleagues, we have also received financial donations from around the world to help them resettle.”

Many law firms have announced they are closing offices in Russia, including Squire Patton Boggs, Latham & Watkins Freshfields Bruckhaus Deringer, Akin Gump Strauss Hauer & Feld and Morgan Lewis & Bockius, among others. Norton Rose Fulbright announced March 7 that they are winding down their operations in Russia and will be closing their Moscow office as soon as they can, calling Russia’s invasion of Ukraine “increasingly brutal.”

“The wellbeing of our staff in the region is a priority. We thank our 50 colleagues in Moscow for their loyal service and will support them through this transition.”

Norton Rose Fulbright said they “stand unequivocally with the people of Ukraine,” and are taking steps to respond to the invasion.

“Some immediate actions are possible and we are taking them. We are not accepting any further instructions from businesses, entities or individuals connected with the current Russian regime, irrespective of whether they are sanctioned or not. In addition, we continue to review exiting from existing work for them where our professional obligations as lawyers allow. Where we cannot exit from current matters, we will donate the profits from that work to appropriate humanitarian and charitable causes,” the statement read. “We are working with our charitable partners in every region to raise funds to help the people of Ukraine, as well as providing pro bono support to those Ukrainians and others who are being forced to relocate.”

Law firms have also stepped forward to offer pro bono assistance to those affected by the Russian invasion of Ukraine.

Law Firms Offering Pro Bono Assistance to Ukraine

Akin Gump Partner and Pro Bono Practice leader Steven Schulman explained how the legal industry is collaborating and working to provide assistance:

“So what we often do in these crises, we will self organize, [and] say who’s a point person who knows what’s going on, and then we will share information so that again, we’re lightening the load on the legal aid organizations.”

Another law firm offering assistance to Ukraine is  Covington & Burling, which the country hired to help pursue its claim against  Russia at the International Court of Justice (ICJ). Specifically, Ukraine asked the court to order Russia to halt its invasion. Covington filed a claim on behalf of Ukraine to the ICJ.

Nongovernmental organizations (NGOs) are providing emergency aid in Ukraine, as well as in neighboring countries, such as Poland, Hungary, Slovakia and Romania to help people displaced by the war as they come across the border, Mr.Dąbrowski said. These organizations are providing food, water, hygiene supplies and other necessities, and urgent psychological counseling. Specific NGOs on the ground in Ukraine include Mercy CorpsFight for Right, Project HOPEHungarian Helsinki Committee, and  Fundacja Ocalenieamong others.

However, NGOs need cash donations in order to keep providing aid. Mr.Dąbrowski detailed what pro bono work Dentons is doing, and how the firm is supporting NGOs:

“Our Positive Impact team is in touch with numerous NGOs and lawyers from our firm to identify opportunities for pro bono legal advice, mainly in the countries which share a border with Ukraine.  We are already working with NGOs in Poland and Hungary which are helping Ukrainian refugees displaced by the war. We are assisting with issues related to employment law, contracts, establishment of charitable foundations, etc… We are also in discussions with an international relief agency which is looking to set up operations within Ukraine.

While men between the ages of 18 and 60 are currently prohibited from leaving Ukraine, as of March 10, 2022, the conflict has created one of the largest refugee crises within the last few decades.

“We have activated our registered charitable foundation to collect donations from our people around the world to support Ukrainian families – and particularly children –  displaced by the war, including some of our own people from Kyiv.  So far, our colleagues from around the world have donated or pledged close to €300,000,” Mr.Dąbrowski said. “We have already distributed €60,000 of that to eight NGOs in Poland, Hungary and Romania, which are providing emergency aid, food and water, hygiene supplies, transportation, medical and psychological care, shelter and schooling to Ukrainian civilians fleeing from the war”

Concerns with immigration and refugee asylum is the next expected complication. In the short-term, the Department of Homeland Security is prioritizing Temporary Protected Status (TPS) designations for those already in the U.S.

For the public, there are a number of actions to take to support Ukrainians. However, those wishing to help should make sure to do their research before making any donations in order to ensure the funds end up in the right hands.

How Can Members of the Public Help Ukraine?

Possible scam organizations and outreach programs are common during international crises, so it’s important to know the signs of fraudulent charities. Some best practices for providing support include:

  • Giving directly to an organization rather than through shared donation links on social media

  • Being wary of crowdfunding efforts

  • Doing a background check on an organization and its donation claims using Charity WatchGive.org, and Charity Navigator.

Some examples of charitable organizations focused on Ukraine relief include:

Informational resources for those affected are provided below:

Conclusion

Law firms and the public alike have stepped up to offer assistance and financial help to those most affected by the Russian invasion. Law firms cutting ties with Russian businesses and closing offices in Russia shows that the legal industry is standing behind Ukraine as the conflict continues to escalate.

In upcoming coverage, the National Law Review will be writing about how law firms are helping clients handle Russian sanctions, as well as the immigration implications of refugees displaced by the war in Ukraine.

*The quotes and input of interviewees reflect the latest information on the Russian invasion of Ukraine as of March 7, 2022. Readers can find the latest legal news from around the world on The National Law Review’s Global Law page.*

Article By Chandler Ford, Jessica Scheck, and Rachel Popa of the The National Law Review / The National Law Forum LLC

Copyright ©2022 National Law Forum, LLC

What We Know And Don’t About The Federal Court Order Enjoining EO 14042

In news that will be of interest to every federal contractor, including large and small businesses, universities, banks, and the health care industry, Executive Order 14042 (along with the related Task Force Guidance and contract clauses) has been ENJOINED in the states of Kentucky, Ohio, and Tennessee. U.S. District Court Judge Gregory F. Van Tatenhove of the Eastern District of Kentucky issued an order on November 30, 2021 granting Plaintiffs’ (a group including the states of Tennessee, Kentucky, and Ohio) motion for a preliminary injunction.

The decision most certainly will be appealed. In the meantime, contractors with employees performing in Kentucky, Ohio, or Tennessee are not required to comply with the Executive Order or FAR/DFARS clauses. Obviously, this creates a conundrum for federal contractors and subcontractors looking for a uniform way to implement the EO rules.

Background

Plaintiffs Kentucky, Ohio, and Tennessee filed suit in the U.S. District Court for the Eastern District of Kentucky on November 4, 2021, and four days later filed for a Temporary Restraining Order and Preliminary Injunction (“TRO/PI”). The TRO/PI motion asked the Court to enjoin the Government’s enforcement of EO 14042. Plaintiffs challenged the EO on 10 separate grounds, including that it violated the Federal Property and Administrative Services Act (“FPASA”), the Competition in Contracting Act (“CICA”), the Administrative Procedures Act (“APA”), and the U.S. Constitution. The Court held a conference among the parties on November 9 and a hearing on November 18.

The District Court Decision

Regardless of whether one likes the outcome or not, Judge Van Tatenhove’s decision is thoughtfully reasoned and well written. It is methodical and well cited. In sum, Judge Van Tatenhove enjoined the EO not because of the process by which the Administration implemented the mandate (i.e. not due to the lack of a meaningful notice-and-comment period or the unprecedented dynamic nature of the FAR clause), but rather because he found the Administration never had the authority to implement a vaccine mandate in the first place. In other words, the Court issued the injunction because the President of the United States purportedly lacks the statutory or constitutional authority to regulate public health via a contract clause issued pursuant to a procurement statute.

The decision, however, readily concedes that the Court’s view is the beginning, not the end, of the story. “Once again,” the Judge explained, “the Court is asked to wrestle with important constitutional values implicated in the midst of a pandemic that lingers. These questions will not be finally resolved in the shadows. Instead, the consideration will continue with the benefit of full briefing and appellate review. But right now, the enforcement of the contract provisions in this case must be paused.”

The Practical Impact (and Scope) of Kentucky v. Biden

While the Court’s decision is significant, it does NOT apply to all federal contractors. It enjoins the Government “from enforcing the vaccine mandate for federal contractors and subcontractors in all covered contracts in Kentucky, Ohio, and Tennessee.” Sadly, Judge Van Tatenhove does not explain this sentence. Does he mean to enjoin all federal contracts performed in those states, all federal contracts held by contractors operating in those states, or maybe even all federal contracts issued by agencies based in those states? It’s unclear. Adding to the confusion is his statement that the injunction “is properly limited to the parties before the Court” (i.e., the states of Kentucky, Tennessee, Ohio). Here again, we are left to guess what he means.

Subsequent to the Court’s decision, GSA took prompt steps to notify its contractors of the late breaking news. Here is GSA’s take on the scope of the injunction:

Update: On November 30, 2021, in response to a lawsuit filed in the United States District Court, Eastern District of Kentucky, a preliminary injunction was issued halting the Federal Government from enforcing the vaccine mandate for Federal contractors and subcontractors in all covered contracts in Kentucky, Ohio, and Tennessee.

GSA implemented the vaccine mandate stemming from Executive Order 14042 through Class Deviation CD-2021-13. Pursuant to the preliminary injunction, GSA will not take any action to enforce FAR clause 52.223-99 Ensuring Adequate COVID-19 Safety Protocols for Federal Contractors in all covered contracts or contract-like instruments being performed, in whole or in part, in Kentucky, Ohio and Tennessee.

While GSA’s formulation is a bit more useful than the Court’s in that it focuses on contracts “being performed . . . in” the three states, it still does not answer the key question regarding scope.

We think the most common sense interpretation of the scope of the injunction is that it applies to covered employees performing work in Kentucky, Tennessee, and Ohio. That being said, GSA’s interpretation seems to indicate the analysis should be performed at the contract level, rather than the employee level (i.e., if you have even one employee performing on a contract in one of those three states, then the entire contract is exempt from enforcement).

We hope to receive updated Guidance from the Task Force providing a definitive answer to this question in the near future. Until then, Federal contractors and subcontractors are stuck between the proverbial rock and a hard place – having to decide whether to continue marching ahead pursuant to the EO or navigate different rules in different states.

In reaching their own interpretive decision, contractors should keep in mind that the Court order does not prohibit compliance with the EO, it simply enjoins the Government from enforcing the EO. Before a contractor decides to continue rolling out its existing compliance approach as planned, however, it would be well advised to consider this: Now that the EO has been enjoined in Kentucky, Ohio, and Tennessee, one can make a credible (and likely correct) argument the EO requirements are no longer mandatory in those states (both vaccination and making/distancing). This transition from a mandatory to a voluntary rule creates at least two new hurdles for contractors.

  • First, continuing to comply with the FAR/DFARS clauses could create state liability where a state has a law against a vaccine mandate. For example, on November 12, 2021 Tennessee passed TN HB 9077/SB 9014, which prohibits private businesses, governmental entities, schools, and local education agencies from compelling an individual, or from taking adverse action against the individual to compel them, to provide proof of vaccination. Previously, the Executive Order, as a federal law, would have trumped the conflicting state law. Now, however, the unenforceable EO no longer reigns supreme. Accordingly, continuing to impose the EO on a Tennessee workforce creates state risk.
  • Second, continuing to comply with the FAR/DFARS clauses in Tennessee, Kentucky, or Ohio could create problems with a company’s collective bargaining obligations. When the vaccine requirement was a legal obligation, it probably was not required to be collectively bargained. Now that the requirement is no longer a legal obligation (at least in the three states covered by the Court order), imposing a vaccine mandate on union employees may have to be collectively bargained.

Accordingly, while marching ahead with an existing EO 14042 company-wide compliance plan may make great sense from an efficiency and consistency standpoint, it could create unintended risks in at least three states (and certainly in Tennessee).

What Should Contractors Do Now?

The EO 14042 COVID safety contracting landscape (like COVID itself) is changing every day. We are hopeful the Task Force will issue new Guidance soon to help contractors navigate the new hurdles created by the Kentucky decision. Until then, here are a few thoughts for consideration:

  • If you have no employees performing in Kentucky, Ohio, or Tennessee, the Order has no impact on you. The EO still applies to your contracts in other states just as it did prior to the Court’s decision.
  • If you have employees performing in Tennessee, take a close look at TN HB 9077/SB 9014 before making any decision regarding implementation of the EO.
  • If you have employees performing in Kentucky or Ohio and do not have collective bargaining agreements, you may want to continue enforcing the EO to avoid having different rules in different locations. But if you have collective bargaining agreements, make sure you connect with your L&E lawyer before charting a path forward.
  • Consider putting together a communication to your employees who no doubt soon will read a headline and have questions about the Order.
  • For contractors with employees performing in Kentucky, Tennessee, or Ohio, update your current compliance plan.
  • In the absence of further Task Force Guidance, consider staying in close communication with your contracting officer regarding your implementation approach, especially in the three states implicated by the Order.

Additionally, stay on the lookout for additional updates (including from us) on the other pending litigation challenging the EO.

What’s Next?

Speaking of the “other pending litigation,” the docket still is full of challenges to the EO. By our count, there are motions for preliminary injunction pending in cases with 24 additional states as plaintiffs:

 

 

 

 

 

 

 

The judges in these cases are not bound by the Kentucky decision – either on the merits or the scope of any resulting injunction. Meaning, should a judge in one of the remaining cases also strike the EO as contrary to law or the Constitution, that judge could choose to issue a nationwide injunction covering all contractors in all states (or, as the Kentucky judge chose, limit the application to the specific state(s) involved). Only time will tell. As of the publication of this Alert, three of those cases have hearings scheduled for December 3, 6, and 7. We expect decisions shortly thereafter.

Importantly, as the Kentucky decision explicitly recognizes, it’s unlikely any of these district courts will be the final arbiter of the legality of EO 14042. We think it’s only a matter of time until we get the rarely seen, yet always celebrated Supreme Court government contracts decision. Stay tuned.

For Those Wanting A Bit More Detail . . .

For those interested in the details of the Kentucky decision, here is a brief summary:

After analyzing and concluding that the plaintiffs had standing to pursue this matter on behalf of their agencies and businesses operating in their states (a contrary outcome to the U.S. District Court’s recent decision in Mississippi), Judge Van Tatenhove jumped right in to analyzing the myriad arguments raised by Plaintiff. Briefly, here is what he found:

  • FPASA. Plaintiffs argued that the President exceeded his authority under FPASA in issuing the EO. The Court agreed, reasoning that FPASA was intended to give the President procurement powers, not unlimited powers. “FPASA does not provide authority to ‘write a blank check for the President to fill in at his will. . . .” The Court found an insufficiently close nexus between the EO and the need for economy and efficiency in the procurement of goods and services, reasoning that similar logic could authorize a president to outlaw overweight contractor employees since the CDC has concluded that obesity worsens the outcomes of COVID-19. While recognizing the breadth of FPASA and how it historically has been used to promote far-reaching social labor policies (e.g., EO 11246), for this judge at least, the COVID-19 mandate was just a bridge too far.
  • CICA. CICA requires agencies to provide “full and open competition through the use of competitive procedures” in federal procurements. The Court found that the EO violates CICA. According to Judge Van Tatenhove, “contractors who ‘represent the best value to the government’ but choose not to follow the vaccine mandate would be precluded from effectively competing for government contracts.” It seems to us this reasoning does not hold up under close scrutiny. Couldn’t one say the same thing about contractors precluded from contracts where they “choose not to follow” the Trade Agreements Act, Section 889, Executive Order 11246, or any other number of gating procurement rules? In any event, the Court found the argument compelling at least “at this early stage in the litigation.”
  • Non-Delegation Doctrine. The non-delegation doctrine precludes Congress from transferring its legislative power to another branch. Plaintiffs argued that “mandating vaccination for millions of federal contractors and subcontractors is a decision that should be left to Congress (or, more appropriately, the States) and is a public health regulation as opposed to a measure aimed at providing an economical and efficient procurement system.” In evaluating Plaintiffs’ argument, the Court looked to the OSHA rule recently struck down by the Fifth Circuit. “It would be reasonable to assume that a vaccine mandate would be more appropriate in the context of an emergency standard promulgated by OSHA,” Judge Van Tatenhove noted, and then went on to note that even the OSHA ETS was struck down as a violation of the non-delegation doctrine. If the ETS couldn’t withstand a non-delegation challenge, “the Court has serious concerns about the FPASA, which is a procurement statute, being used to promulgate a vaccine mandate for all federal contractors and subcontractors.” The Court acknowledged “that only twice in American history, both in 1935, has the Supreme Court found Congressional delegation excessive.” Nonetheless, Judge Van Tatenhove seems to believe he has found the third. He mused, however, that “it may be useful for appellate courts to further develop the contours of the non-delegation doctrine, particularly in light of the pandemic.”
  • Tenth Amendment. As we all will remember from high school civics (if not from law school), the Tenth Amendment states that “powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people.” The Court expressed a “serious concern that Defendants have stepped into an area traditionally reserved to the States,” and held the Tenth Amendment provides an additional reason to enjoin the EO.

In short, Judge Van Tatenhove clearly believes the Plaintiffs, in this case, are likely to prevail on multiple statutory and constitutional bases.

The decision then goes on to discuss whether the President (through his delegated officials) failed to follow applicable administrative procedures in issuing the EO and the subsequent FAR clause. Here, the President fared better than he did with Plaintiffs’ constitutional arguments. The Court concluded that the Administration, while perhaps “inartful and a bit clumsy” at times, “likely followed the procedures required by statute.” The Court also concluded that the Administration did not act arbitrarily or capriciously (as defined by the APA). “The Court finds, based on the limited record at this stage in the litigation, that Defendants have followed the appropriate procedural requirements in promulgating the vaccine mandate.” But this all is little solace to the Administration as it would have been much easier to overcome a procedural error than a constitutional one — let alone the “serious Constitutional concerns” identified by Judge Van Tatenhove.

*Sheppard Mullin partners Jonathan AronieRyan RobertsAnne Perry, and associates Nikki SnyderEmily Theriault, and Dany Alvarado participated in drafting this Alert.

Copyright © 2021, Sheppard Mullin Richter & Hampton LLP.

Article by the Government Contracts Practice Group with Sheppard, Mullin, Richter & Hampton LLP.

For more about federal court orders and federal contractors visit the NLR Government Contracts Maritime & Military Law type of law page.

O Say Can You See? Federal Courts Say Military Members Entitled to Paid Leave

This week, the federal appellate court in Pennsylvania ruled that workers who take leave to serve in the military must be paid for that time if their employers offer other forms of comparable short-term paid leave. The Third Circuit Court of Appeals held that paid leave is a “right and benefit” under the Uniformed Services Employment and Reemployment Rights Act (USERRA). That is, if an employer provides paid leave for some reasons (such as jury duty, bereavement, and illness), then it must also pay servicemembers who are on military leave.

The decision was issued in a case brought by a Navy reservist who sued his employer seeking regular wages for the time he spent on military leave. He claimed that his employer violated USERRA—the federal law granting job protections to those who serve in the military—by providing paid leave to employees for various reasons but not for military leave. The Court sided with the reservist, concluding that USERRA “does not allow employers to treat servicemembers differently by paying employees for some kinds of leave while exempting military service.”

The decision in the Third Circuit case is similar to a Seventh Circuit case from February in which a United Airlines pilot who served on reserve duty for the U.S. Air Force brought a class action lawsuit on behalf of himself and other pilots who took periodic unpaid leaves of absence to attend military training.

These decisions are only legally binding in Pennsylvania, New Jersey, Delaware, Illinois, Indiana, and Wisconsin. However, with consistent decisions by these two influential federal appellate courts, it is likely that courts nationwide will rule similarly in the inevitable future cases.

We are recommending that all employers begin reviewing their military leave policies and assess the benefits being provided to employees. That is, if you pay employees for some kinds of absences, you’ll likely need to pay for military leave as well.

©2021 Roetzel & Andress

Article By Monica L. Frantz of Roetzel & Andress LPA

For more articles on paid leave, visit the NLR Labor & Employment section.

Whistleblower Rewarded Over $2 Million for Exposing Contractor of Military Helicopters That Provided Unsafe Helicopters, Risking the Lives of Military Members Deployed to War Zones

An Illinois-based aviation services company and its subsidiary in Florida have agreed to pay the government $11,088,000 to resolve allegations that they violated the False Claims Act by breaching their contract to maintain military aircraft that were “fully mission capable.”

The aviation service companies own and maintain helicopters.  They had contracted with the Department of Defense to supply helicopters for use in transporting cargo and personnel in support of missions in Afghanistan and Africa.  However, according to a whistleblower, the aviation companies schemed to maximize profits by failing to provide the resources needed to maintain the helicopters.  This resulted in the helicopters not being airworthy.  Yet, the companies continued to certify the helicopters as “fully mission capable.”  Thus, it was alleged, the companies knowingly risked the lives of military personal who were using the aircraft while deployed in war zones and committing fraud against U.S. taxpayers.

The same companies also paid an additional amount to resolve a separate matter brought by the Federal Aviation Administration (FAA) against them for deficiencies in helicopter maintenance work.

This lawsuit originated from a former employee of the aviation service companies who brought suit under the qui tam, or whistleblower, provisions of the False Claims Act. Whistleblower lawsuits allow private parties, known as “relators,” to bring suit on behalf of the government and to share in any recovery, usually 15% to 25% of the settlement amount.  In this case, the whistleblower will receive $2,162,160.  The False Claims Act allows the government to intervene and prosecute an action, as it did in this case.  Fraud in government contracting is often exposed by individuals with knowledge that the fraud is occurring, as in this case. Whistleblowers may be employees, clients, or competitors of the wrongdoer.  Such individuals can use their inside knowledge to bring fraud to the attention of the government, saving lives and protecting taxpayer money.

© 2021 by Tycko & Zavareei LLP

How Long Until Biden Nominates the MARAD Administrator?

As President-elect Biden begins assembling his new team, personnel decisions play an important role in what the next four years will look like for the maritime industry. As speculation begins to mount, a question we see regularly is how long it will take for the president to appoint a new head of the U.S. Maritime Administration (MARAD).

The short answer is not any time soon. If past is prologue, it will be many months before a new administrator is confirmed. In the chart below, we detail the nomination and confirmation timelines of the last six MARAD administrators during the first term of an incoming president:

Admiral Mark Buzby had the fastest confirmation in recent history, despite having to wait nearly nine months after the 2016 election to take command at MARAD.

The longest wait for a MARAD Administrator occurred during the first term of the Obama presidency. David Matsuda was formally nominated to the post more than a year after the 2008 election, and in the end wouldn’t be confirmed until nearly 600 days after the election.

It should be noted, that in addition to those listed, several MARAD administrators have navigated the nomination process in the second term of a presidency; including Paul “Chip” Jaenichen (2014), Sean Connaughton (2006), Clyde Hart (1998), and John Gaughan (1985).

The new MARAD administrator will have big shoes to fill in replacing Admiral Buzby, but despite a slow-developing process, the agencies maintain order and continuity at the staff level from top to bottom. But if history holds, don’t expect a rapid transition at MARAD.

Marad Nominee Timeline

Copyright 2020 K & L Gates
ARTICLE BY Mark Ruge and  Brody Garland of K&L Gates
For more articles on maritime law, visit the National Law Review Government Contracts, Maritime & Military Law section.