By The homeland Security & Defense Business Council

Since passage of the Support Anti-terrorism by Fostering Effective Technologies Act of 2002 (“SAFETY Act” or “Act”), over 100 “certifications” have been awarded liability protections to companies that have developed “qualified anti-terrorism technologies.” ¹⁾  In a universe of thousands of companies, this number is exceedingly low.  Despite the many benefits of the SAFETY Act, it remains one of the most underreported and underutilized success stories for the U.S. Department of Homeland Security (DHS) and for America at large.  It is crucial that buyers and sellers of anti-terrorism products and services understand the full potential of the SAFETY Act not only to protect their enterprise but to assure that the U.S. has at its disposal the most robust and effective anti-terrorism technologies available.  Government and industry must do a better job raising awareness of the protections.  Law suits from the September 11, 2001 attacks in the U.S. as well as those holding the Port Authority of New York and New Jersey liable for the 1993 World Trade Center attacks in the U.S., make it clear that the litigation environment is not friendly to providers and users of security services and provide a tangible economic disincentive for companies to offer and implement homeland security technologies.  Congress passed the SAFETY Act in order to help mitigate these concerns.  Owners and operators -- particularly those in critical infrastructure industries, such as commercial real estate, sporting venues, utilities, transportation, healthcare and financial services -- can all benefit greatly from the Act and concomitantly protect their patrons and operations. 

BRIEF HISTORY

A number of lawsuits filed against the airlines, security providers, and facility owners directly impacted by the event of September 11, 2001 raised concerns that conducting business in the homeland security market would expose companies to nearly limitless legal liability. ²⁾  Defenses previously used successfully to shield liability in the 1995 Oklahoma City bombing, taken place in the U.S., proved unsuccessful in the suits emanating from 9/11.  The court found that the attack was a “foreseeable hazard” -- sending shock waves through the nascent homeland security community.  Companies considering entering the homeland security market faced the risk that they could be liable for their product or service.  Congress passed the SAFETY Act as part of the Homeland Security Act (HSA) of 2002 to provide liability protection to incent and encourage companies to develop and make available innovative, useful anti-terror technologies and services to protect the nation, its citizens and critical assets.

THE SAFETY ACT

The SAFETY Act allows firms that manufacturer or provide a Qualified Anti-Terror Technology (QATT) -- which includes both products and services -- to apply to the U.S. DHS for protections from civil claims following an “act of terrorism” at a site that has utilized and/or deployed the QATT.  The Act provides two levels of protection -- “designation” and “certification”.  A product or service that is “designated” as a “qualified anti-terrorism technology” qualifies for the following: ³⁾

• Claims against a seller of a QATT are capped at an amount no greater than the limits of liability insurance coverage required to be maintained by the seller (the amount set forth by DHS);

• No punitive damages may be awarded;

• Non-economic damages may be awarded against a defendant only in an amount directly proportional to the percentage of responsibility of such defendant for the harm to the plaintiff;

• Any recovery by a plaintiff shall be reduced by the amount of collateral source compensation, if any, that the plaintiff has received or is entitled to receive as a result of such “acts of terrorism” that result or may result in loss to the seller;

• Any and all claims must be brought in federal court.

A company that qualifies for “certification” receives all the same protections offered for a “designated” SAFETY Act technology, and is also entitled to invoke the government contractor defense a rebuttable presumption that all claims relating to the technology that arise out of, or relate to, an act of terrorism are to be immediately dismissed.

A technology “certified” under the SAFETY Act is entitled to a presumption of immunity from civil claims.  Under either a “designation” or “certification” the only proper defendant in any civil lawsuit is the seller of the SAFETY Act approved QATT. This functionally means that any entity, other than the seller, that has something to do with the technology (customers, suppliers, subcontractors, etc.) is immune from civil claims arising out of, or related to, an act of terrorism. In practice this means that the customer is also protected from civil claims.  Both public and private entities are eligible for SAFETY Act protections.  Any product or service that can in some way deter, defend against, identify, respond to, or mitigate an act of terrorism is eligible.  A product or service that can be used for purposes other than acts of terrorism will not necessarily be precluded from an award of SAFETY Act protections.  For example, cameras or other perimeter security that protect against intruders is also applicable to detecting and preventing acts of terrorism.  SAFETY Act applications are submitted to DHS’ Science & Technology Directorate for review.  If all the evidence required for certification is not supplied, DHS can grant a limit on the amount of damages that could be awarded against the applicant a “designation” rather than a “certification”.  The company may resubmit its application at any time to increase its level of protection.  If the application is denied coverage outright, the company can resubmit another application at any time.

WHY INCREASE UTILIZATION?

If the technologies certified by the SAFETY Act are not more fully deployed, and its benefits not better publicized, everyone loses -- America is left with fewer safeguards, and companies that do develop or deploy such technologies are open to limitless litigation.  Implementation should focus not on limiting liability, but rather on encouraging greater and more widespread deployment of technologies that could deter terrorism and protect its citizens.  Continued and widespread utilization will be enhanced by ensuring that DHS’ review process is strong and responsible, but not unnecessarily burdensome to the applicants. Initially as could be expected from any new administrative review process obtaining SAFETY Act protections was a lengthy and complicated process.  This discouraged many companies as they determined that the route to SAFETY Act protections was too arduous for the ultimate benefits.  DHS has since revised, improved and streamlined its review process that has resulted in numerous approvals.  Although revised, the review is still rigorous and benefits industry by assuring that the certification is reliable and not open to challenge.

AN INCENTIVE

The purpose of the SAFETY Act is to provide an incentive to the private sector to engage in the homeland security market.  Congress’ intent was to incent industry to engage.  The intent was memorialized in the Notice of Proposed Rulemaking (NPRM) for the SAFETY Act and said that the Act “provides incentives for the development and deployment of anti-terrorism technologies by creating a system of ‘risk management’ and a system of ‘litigation management’.” ⁴⁾  The Act creates certain liability limitations for ‘claims arising out of, relating to, or resulting from an act of terrorism’ where qualified anti-terrorism technologies have been deployed.”  There are some who do not fully understand the full intent behind the Act, and have questioned whether the SAFETY Act represented some sort of “gift” to industry, the legislative history as well as the interpretations (and actions) of DHS have conclusively demonstrated otherwise.  The SAFETY Act was passed to incent companies to develop, deploy and use the most advanced and necessary technologies to help in the fight against terrorism.

COMPLEMENTARY LAWS & PROGRAMS

The SAFETY Act can play a critical part in supplementing, augmenting or enhancing numerous initiatives designed either to increase preparedness against terrorist threats or to force corporate America to better disclose risks and mitigate liability.

Title IX - 9/11 Legislation

Recommended by the 9/11 Commission and authorized by the Implementing Recommendations of the 9/11 Commission Act of 2007 (P.L. 110-53), ⁵⁾ Title IX of public law 110-53 (better known as the 9/11 legislation) created the “voluntary private sector preparedness accreditation and certification program” to “enhance nationwide resilience in an all hazards environment by improving private sector preparedness.  Participation in the program will be voluntary and intended to be driven by the marketplace.” ⁶⁾  The mere existence of this program creates an unmistakable appearance of a standard of care that the private sector cannot ignore.  This is particularly true since the program shall assess whether a private sector entity complies with voluntary preparedness standards.  SAFETY Act protections for complying with the voluntary standards, or utilizing SAFETY Act approved technologies to comply with any standards established could serve to mitigate concerns about a “standard of care”.  By using the SAFETY Act to comply with Title IX standards, companies can achieve some measure of confidence that they will have some tangible liability protection even though the standards were voluntary.

Sarbanes-Oxley

The Sarbanes-Oxley Act of 2002 was enacted to enhance responsible corporate governance practices and to facilitate disclosure to investors.  Language contained in 409 of Sarbanes-Oxley governs real-time issuer disclosures, requiring each reporting company to disclose to the public on a “rapid and current basis” additional information concerning material changes in the financial condition or operations of the issuer in plain English.  The expansive language in 409 could possibly trigger an obligation to report a company’s actions (or lack thereof) with respect to implementing SAFETY Act technologies.  If a company was on notice that there was a heightened risk of liability associated with the use of or access to its facility or network, it might have the duty and want to report new developments with respect to the implementation of QATTs in their operation. 

Business Judgment Rule

The “business judgment rule” operates as a presumption that in making business decisions, the directors and officers of a corporation acted on an informed basis, in good faith, and in the honest and reasonable belief that decisions were made in the best interests of the company.  Given the powerful protections of the SAFETY Act and the publicly available information identifying QATTs, it is likely that under the “business judgment rule”, the failure to consider and where appropriate use QATTs, could subject directors and officers to personal liability if an act of terrorism that resulted in damage could have been prevented or mitigated by a QATT.  This is particularly true as the risk management industry becomes more sophisticated about the SAFETY Act.  Many insurance companies are now starting to adjust premiums to reflect the receipt of SAFETY Act protections.  As insurance companies and their underwriters assign greater tangible value to the SAFETY Act certifica tion, there should be a parallel increase in the urgency to pursue such protections.

CREATIVE APPLICATIONS

A recent decision by a New York court, ⁷⁾ held that the Port Authority of New York and New Jersey was liable for damages resulting from the 1993 World Trade Center bombing -- a dramatic and costly example of what can happen when terrorists strike and sufficient liability protections are not in place.  On February 26, 1993, terrorists drove a rental van loaded with fertilizer-based explosives into the public parking area of the World Trade Center, lit a time-delay fuse and left.  The subsequent explosion created a crater six stories deep, killed six people, and injured hundreds more.  The court found the defendants liable and the verdict sustained based in part on two critical issues: (1) whether the defendant was on notice of the possibility of such an attack; and (2) what steps were reasonable or necessary to mitigate the consequences of such an attack in light of that knowledge.  On the issue of notice, the law previously required actual notice of the possibility of an attack, satisfied by such facts as a previous attack at the same facility.  The trial record established that although there “had been no remotely comparable precedent event” at the World Trade Center the “notice” of potential terrorist attacks was the appropriate standard to apply and added that “notice” occurs when a defendant knew or should have known that a terrorist attack was possible.  Under the “should have known” standard, facility owners must decide whether they are “on notice” of the possibility of terrorist events taking place at their property.  Assuming notice, the court made it clear that “reasonable” mitigation steps could be ones that were previously considered “burdensome” and that the court could readily foresee circumstances where even the most stringent of mitigation measures suggested in the course of a vulnerability assessment would be considered reasonable.  This means that facility owners may now face the very real possibility of having to take fairly burdensome measures to satisfy a reasonable standard of care.  Most alarming is that there are no assurances that any actions taken will be considered “reasonable”.  Even if the steps taken were in adherence with carefully crafted voluntary standards or best practices, the New York decision certainly leaves open the possibility that such actions will be insufficient.  SAFETY Act designation avails owners of tangible remedies to lessen their liability.  Corporations that do not utilize the protections under the Act may suffer incalculable losses in the event of another attack -- losses that neither they, nor the homeland security industry in general -- can afford. 

The SAFETY Act is a powerful tool that provides companies a unique method to mitigate their liability.  Congress intended to incent industry to assure the development and deployment of the best possible technologies and services to protect the country and its citizens.  The question is not “if” but “when” the next attack will occur and it is critical that industry continue to utilize SAFETY Act protections.

END NOTE

1) www.safetyact.gov

2) In re September 11 Litigation, 280 F.Supp.2d 279 (S.D.N.Y. 2003).

3) 2002. Homeland Security Subtitle G of Title VIII of the Homeland Security Act of 2002 The Support Anti-terrorism by Fostering Effective Technologies Act of 2002, also known as The SAFETY Act.  https://www.safetyact.gov/DHS/SActHome.nsf/HomeTop?ReadForm# (accessed October 7, 2008).

4) Regulations Implementing the Support Anti-Terrorism by Fostering Effective Technologies Act of 2002 (the Safety Act), 68 Fed. Reg. 133 (proposed July 11, 2003) (to be codified at 6 C.F.R. pt. 25).

5) Public Law 110-53, August 3, 2007: "Implementing Recommendations of the 9/11 Commission Act of 2007."  Section 524: voluntary private sector preparedness accreditation and certification program.  http://www.ise.gov/docs/nsis/Implementing911_Act.pdf

6) The U.S. department of homeland security: "DHS selects ANSI-ASQ national accreditation board to support voluntary private sector preparedness certification program."  July 30, 2008, DHS release number: FNF-08-068.  http://www.fema.gov/news/newsrelease.fema?id+45288

7) Nash v. Port Auth. of N.Y. & N.J., 856 N.Y.S.2d 583 (1st Dept, 2008).

By The homeland Security & Defense Business Council

The Homeland Security and Defense Business Council (www.homelandcouncil.org) is a non-profit, non-partisan corporate membership organization whose principal representatives are responsible for their companies’ homeland security business units.  The Council engages its members and subject matter experts in its members’ organizations to assist in strategic thought leadership, solutions development and program planning.  The Council’s work leads to the development and implementation of better and more effective solutions to secure America’s citizens and critical physical and cyber assets.  Its members are actively involved in providing the private sector’s voice in determining the strategy and future policy direction of America’s homeland security.