[House Hearing, 108 Congress]
[From the U.S. Government Publishing Office]



 
 IMPLEMENTING THE SAFETY ACT: ADVANCING NEW TECHNOLOGIES FOR HOMELAND 
                                SECURITY

=======================================================================

                                HEARING

                               before the

                              COMMITTEE ON
                           GOVERNMENT REFORM

                        HOUSE OF REPRESENTATIVES

                      ONE HUNDRED EIGHTH CONGRESS

                             FIRST SESSION

                               __________

                            OCTOBER 17, 2003

                               __________

                           Serial No. 108-96

                               __________

       Printed for the use of the Committee on Government Reform


  Available via the World Wide Web: http://www.gpo.gov/congress/house
                      http://www.house.gov/reform


                                 ______

91-553              U.S. GOVERNMENT PRINTING OFFICE
                            WASHINGTON : 2003
____________________________________________________________________________
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov  Phone: toll free (866) 512-1800; (202) 512ï¿½091800  
Fax: (202) 512ï¿½092250 Mail: Stop SSOP, Washington, DC 20402ï¿½090001

                     COMMITTEE ON GOVERNMENT REFORM

                     TOM DAVIS, Virginia, Chairman
DAN BURTON, Indiana                  HENRY A. WAXMAN, California
CHRISTOPHER SHAYS, Connecticut       TOM LANTOS, California
ILEANA ROS-LEHTINEN, Florida         MAJOR R. OWENS, New York
JOHN M. McHUGH, New York             EDOLPHUS TOWNS, New York
JOHN L. MICA, Florida                PAUL E. KANJORSKI, Pennsylvania
MARK E. SOUDER, Indiana              CAROLYN B. MALONEY, New York
STEVEN C. LaTOURETTE, Ohio           ELIJAH E. CUMMINGS, Maryland
DOUG OSE, California                 DENNIS J. KUCINICH, Ohio
RON LEWIS, Kentucky                  DANNY K. DAVIS, Illinois
JO ANN DAVIS, Virginia               JOHN F. TIERNEY, Massachusetts
TODD RUSSELL PLATTS, Pennsylvania    WM. LACY CLAY, Missouri
CHRIS CANNON, Utah                   DIANE E. WATSON, California
ADAM H. PUTNAM, Florida              STEPHEN F. LYNCH, Massachusetts
EDWARD L. SCHROCK, Virginia          CHRIS VAN HOLLEN, Maryland
JOHN J. DUNCAN, Jr., Tennessee       LINDA T. SANCHEZ, California
JOHN SULLIVAN, Oklahoma              C.A. ``DUTCH'' RUPPERSBERGER, 
NATHAN DEAL, Georgia                     Maryland
CANDICE S. MILLER, Michigan          ELEANOR HOLMES NORTON, District of 
TIM MURPHY, Pennsylvania                 Columbia
MICHAEL R. TURNER, Ohio              JIM COOPER, Tennessee
JOHN R. CARTER, Texas                CHRIS BELL, Texas
WILLIAM J. JANKLOW, South Dakota                 ------
MARSHA BLACKBURN, Tennessee          BERNARD SANDERS, Vermont 
                                         (Independent)

                       Peter Sirh, Staff Director
                 Melissa Wojciak, Deputy Staff Director
                      Rob Borden, Parliamentarian
                       Teresa Austin, Chief Clerk
              Philip M. Schiliro, Minority Staff Director


                            C O N T E N T S

                              ----------                              
                                                                   Page
Hearing held on October 17, 2003.................................     1
Statement of:
    Albright, Parney, Assistant Secretary for Plans, Programs and 
      Budgets, Department of Homeland Security...................    12
    Miller, Harris N., president, Information Technology 
      Association of America; Stan Z. Soloway, president, 
      Professional Services Council; and John M. Clerici, esq., 
      on behalf of the U.S. Chamber of Commerce..................    36
Letters, statements, etc., submitted for the record by:
    Albright, Parney, Assistant Secretary for Plans, Programs and 
      Budgets, Department of Homeland Security, prepared 
      statement of...............................................    15
    Clerici, John M., esq., on behalf of the U.S. Chamber of 
      Commerce, prepared statement of............................    69
    Cummings, Hon. Elijah E., a Representative in Congress from 
      the State of Maryland, prepared statement of...............   122
    Davis, Chairman Tom, a Representative in Congress from the 
      State of Virginia, prepared statement of...................     4
    Maloney, Hon. Carolyn B., a Representative in Congress from 
      the State of New York, prepared statement of...............    30
    Miller, Harris N., president, Information Technology 
      Association of America:
        Application kit..........................................    79
        Prepared statement of....................................    39
    Ruppersberger, Hon. C.A. Dutch, a Representative in Congress 
      from the State of Maryland, prepared statement of..........    22
    Soloway, Stan Z., president, Professional Services Council, 
      prepared statement of......................................    60
    Waxman, Hon. Henry A., a Representative in Congress from the 
      State of California, prepared statement of.................     8


 IMPLEMENTING THE SAFETY ACT: ADVANCING NEW TECHNOLOGIES FOR HOMELAND 
                                SECURITY

                              ----------                              


                        FRIDAY, OCTOBER 17, 2003

                          House of Representatives,
                            Committee on Government Reform,
                                                    Washington, DC.
    The committee met, pursuant to notice, at 10:10 a.m., in 
room 2154, Rayburn House Office Building, Hon. Tom Davis 
(chairman of the committee) presiding.
    Present: Representatives Tom Davis of Virginia, Ose, 
Schrock, Duncan, Carter, Waxman, Maloney, Cummings, 
Ruppersberger, and Bell.
    Staff present: Peter Sirh, staff director; Melissa Wojciak, 
deputy staff director; Keith Ausbrook, chief counsel; John 
Hunter and David Young, counsels; David Marin, director of 
communications; John Cuaderes, senior professional staff 
member; Teresa Austin, chief clerk; Brien Beattie, deputy 
clerk; Corinne Zaccagnini, chief information officer; Michelle 
Ash, minority counsel; Jean Gosa, minority assistant clerk; and 
Cecelia Morton, minority office manager.
    Chairman Tom Davis. Good morning. A quorum being present, 
the Committee on Government Reform will come to order.
    I want to welcome everybody to today's hearing on the 
implementation of the Support Antiterrorism by Fostering 
Effective Technologies Act of 2002 [SAFETY Act]. The private 
sector is an important partner in providing for the security of 
our homeland. To ensure that private sellers, manufacturers and 
service providers contribute to homeland security by developing 
potentially life-saving technologies without having the fear of 
crippling or frivolous lawsuits, the government needs to 
provide litigation and risk management frameworks to adequately 
prepare for terrorist attacks.
    As part of the Homeland Security Act of 2002, Public Law 
107-296, Congress enacted the SAFETY Act to provide incentives 
for the development and deployment of antiterrorism 
technologies by creating systems of risk management and 
litigation management. The SAFETY Act seeks to ensure that the 
threat of liability does not deter manufacturers or sellers of 
antiterrorism technologies from developing and commercializing 
technologies that could save lives. The act creates certain 
frameworks for ``claims arising out of, relating to or 
resulting from an act of terrorism'' where qualified 
antiterrorism technologies are deployed. The act does not limit 
liability for harms caused by antiterrorism technologies when 
no acts of terrorism have occurred.
    The SAFETY Act directs the Department of Homeland Security 
to adopt regulations to implement the liability protections 
conferred by the act for qualified antiterrorism technologies. 
Under the statute, these qualified technologies would receive 
several protections, including limiting lawsuits filed under 
the act to the Federal courts, prohibiting a plaintiff from 
recovering punitive damages, or permitting recovery of 
noneconomic damages such as damages for physical or emotional 
pain, and reducing any recovery from the seller by the amount 
of any collateral sources such as insurance payments.
    Some technologies qualified under the act may also qualify 
for a rebuttable ``government contractor defense.'' The 
government contractor defense could provide sellers and 
manufacturers immunity from product liability altogether when 
the qualified technology is deployed for the purposes of 
defending against or responding to a terrorist act.
    Under the act DHS can certify that the seller or 
manufacturer will receive this rebuttable defense if DHS 
determines that the technology will perform as intended, 
conforms to the seller's specifications and is safe for the use 
it's intended. But the defense will not protect sellers and 
manufacturers against charges of fraud or willful misconduct. 
The act requires DHS to adopt rules to implement the 
protections in the act. The timely adoption and implementation 
of those rules is the reason for our hearing today.
    On July 11, 2003, DHS announced the draft regulations 
implementing the SAFETY Act that were published in the Federal 
Register for public comment. Over 40 private firms and private 
sector associations submitted comments. An interim final rule 
has been released to the public.
    By passing the SAFETY Act, Congress acted quickly to 
resolve uncertainty over liability concerns so that the full 
power of the American technology could be unleashed in the war 
on terrorism. We gave DHS responsibility to develop a 
transparent process to accomplish these objectives. It is 
imperative that DHS begin qualifying existing and new 
technologies so that they can be placed in the hands of those 
who need them now, especially for those high-priority homeland 
security procurements that have been on hold pending the 
qualification of antiterrorism technologies already selected 
for use.
    For its part, when DHS issued the draft regulations in 
July, it stated it would begin accepting applications for 
SAFETY Act protections on September 1st, but the actual form to 
be used for private firms to qualify antiterrorism technologies 
wasn't approved by OMB until this week. Also the interim final 
rule was only issued by DHS this week. As a result of these 
bureaucratic delays, private firms have waited to submit 
applications until they have some finality in the application 
process and implementing regulations. It's imperative that DHS 
now mobilize its efforts to accomplish the critical purposes 
set out in the SAFETY Act.
    In so doing, DHS must identify and implement a clear 
strategy for prioritizing the many applications it will receive 
for the qualification of antiterrorism technologies. Congress 
did not intend for the SAFETY Act to be used solely as a means 
for the development of ``new'' antiterrorism technologies. 
While developing new technology is essential, I believe DHS 
needs to focus on qualifying ``existing'' antiterrorism 
technologies that are ready to be deployed to protect our 
civilian population. I urge the Department to make as its No. 1 
priority the identification, prioritization and qualification 
of existing antiterrorism technologies that are now being 
sought by Federal and non-Federal entities. It's imperative 
that we protect the highest-priority facilities and critical 
infrastructures in high-risk locations.
    In addition, DHS must be careful that its implementing 
regulations and processes are not so complicated that they 
defeat the very purpose of the SAFETY Act. They should allow 
for the rapid deployment of antiterrorism technology necessary 
to protect the American people rather than create burdensome 
red tape and bureaucracy. Wherever possible, decisions 
regarding the suitability of antiterrorism technology should 
rest with those entities charged with the responsibility of 
acquiring the technology. It's also imperative that DHS adheres 
to a disciplined time schedule for processing applications.
    Through this hearing the committee intends to learn about 
the interim final rule promulgated by DHS and whether the rule 
effectuates the congressional intent of the act. The committee 
hopes this open discussion will result in effective 
implementation of the act.
    We have assembled an impressive group of witnesses to help 
us understand the statute, the proposed rules and the private 
sector concerns about the proposed rules.
    I want to thank all of our witnesses for appearing before 
the committee. I look forward to their testimony, and I now 
yield to Mr. Waxman.
    [The prepared statement of Chairman Tom Davis follows:]

    [GRAPHIC] [TIFF OMITTED] T1553.146
    
    [GRAPHIC] [TIFF OMITTED] T1553.147
    
    [GRAPHIC] [TIFF OMITTED] T1553.148
    
    Mr. Waxman. Thank you very much, Mr. Chairman. I agree that 
the private sector can and should develop new and innovative 
technologies to respond to the ever-changing threats to the 
American people. I support all efforts to make the people of 
the United States safer, and I believe that the private sector 
has a role to play. I'm glad that the representatives of the 
private sector are here today to discuss their intentions to 
create these new technologies.
    However, the SAFETY Act, which we are discussing today, is 
a disappointment and moves in the wrong direction. This law is 
not about encouraging innovation, but rather its goal is to 
limit the legal liability of the defense contractors and other 
manufacturers of antiterrorism products and, in many 
circumstances, to give them absolute immunity. Even in those 
cases where there may be limited liability, the law bars access 
to State courts, eliminates punitive damages, eliminates joint 
liability, limits all forms of liability to the cost of, 
``reasonably priced,'' insurance, and reduces judgments by the 
amount of insurance or other collateral source benefits. And 
while limiting or eliminating the liability of manufacturers, 
the law also severely restricts the ability of claimants to 
recover damages for their injuries, because it fails to provide 
for any alternative form of compensation or indemnification.
    This act is ironically called the SAFETY Act, when in 
reality the only safety it provides is to corporate wrongdoers. 
Corporations that sell defective products will now have nothing 
to fear. They will either have very limited liability or no 
liability at all. Let me give an example. Suppose the Homeland 
Security Department approves a process designed to test the 
water supply for contamination. The sellers of this service 
later discover that their process is ineffective, but continue 
to earn huge profits by falsely promising the safety of the 
water supply. If terrorists exploit this weakness, and citizens 
are poisoned by contaminated water, the sellers of the service 
are totally immune from all forms of liability if the product 
was certified for the government contractor defense. This is 
true even though their misconduct was intentional. This makes 
absolutely no sense. Why would we want to give corporations 
protection for intentional, knowing misbehavior?
    Mr. Chairman, as you know, I supported the Turner amendment 
to the Homeland Security Act extending indemnification 
protections to antiterrorism technologies. I believe Mr. 
Turner's amendment would have appropriately mitigated the 
seller's risk of proposal liability. Unfortunately, the Turner 
amendment lost in the House by 1 vote, and thus we are left 
with the SAFETY Act--immunity instead of indemnity.
    Although I did not support the SAFETY Act, I will agree 
that the SAFETY Act, like all laws, should be properly enforced 
by the administration. Therefore, I appreciate that we are 
having this oversight hearing today, and I look forward to 
hearing and reading the testimony on how the administration 
intends to implement this act.
    Chairman Tom Davis. Well, thank you very much.
    [The prepared statement of Hon. Henry A. Waxman follows:]

    [GRAPHIC] [TIFF OMITTED] T1553.001
    
    [GRAPHIC] [TIFF OMITTED] T1553.002
    
    [GRAPHIC] [TIFF OMITTED] T1553.003
    
    [GRAPHIC] [TIFF OMITTED] T1553.004
    
    Chairman Tom Davis. Mr. Ose, any opening statement? Any 
other Members wish to make an opening statement?
    Well, let's move to our first panel. I want to thank the 
honorable Parney Albright, the Assistant Secretary for Plans, 
Programs and Budgets of the Department of Homeland Security. 
It's the policy of this committee to swear people in before 
they testify. Would you rise and raise your right hand?
    [Witness sworn.]
    Chairman Tom Davis. We have your whole statement in the 
record. We have a light in front of you; when it turns orange, 
you'll be 4 minutes into your statement; red, 5 minutes, and if 
you could sum up about that time. Thanks for being with us.

 STATEMENT OF PARNEY ALBRIGHT, ASSISTANT SECRETARY FOR PLANS, 
     PROGRAMS AND BUDGETS, DEPARTMENT OF HOMELAND SECURITY

    Mr. Albright. Thank you, Mr. Chairman, Mr. Waxman, 
committee members. I'm pleased to appear before you today to 
discuss the Department of Homeland Security's implementation of 
the Support Antiterrorism by Fostering Effective Technologies 
Act of 2002 [SAFETY Act]. As you may know, the SAFETY Act 
provides incentives for the development and deployment of 
qualified antiterrorism technologies by creating a system of 
``risk management'' and a system of ``litigation management.'' 
The SAFETY Act is part of the Homeland Security Act of 2002, 
which is the organic legislation of the Department of Homeland 
Security.
    With the creation of the Department of Homeland Security, 
President Bush envisioned an organization that would engage 
entrepreneurs and tap America's inventive spirit in the war on 
terrorism. The Science and Technology Division of the 
Department is specifically tasked with marshalling the 
intellectual capital of the engineering and scientific 
communities to develop fresh and effective approaches to 
safeguard the American public from terrorist attacks. The 
SAFETY Act is an important vehicle for removing obstacles to 
the deployment of these capabilities to the field.
    Now, the purpose of the SAFETY Act is to ensure that the 
threat of liability does not deter potential manufacturers of 
qualified antiterrorism technologies from developing and 
commercializing technologies that could significantly reduce 
the risks or mitigate the effects of large-scale terrorist 
events. The act does create certain liability limitations for 
``claims arising out of, relating to, or resulting from an act 
of terrorism'' where qualified antiterrorism technologies have 
been deployed. The act does not limit liability for harms 
caused by antiterrorism technologies when no act of terrorism 
has occurred, as was pointed out by the chairman.
    Clearly, the issue Congress is addressing concerns the 
uncertain risk environment born out of the threat of terrorism. 
The potential risks and liabilities that stem from the 
technologies deployed in our war against terrorism are very 
difficult to quantify. As a result, in many cases insurance has 
been largely unattainable or so costly as to leave the 
technologies in question without a market. It is hardly 
surprising that companies are unwilling to bet their existence 
by developing and deploying services and products in this 
uncertain climate. This means that key capabilities needed to 
secure the homeland may not be available for deployment. The 
SAFETY Act does serve to encourage the development and 
deployment of antiterrorism technologies that will 
significantly enhance the protection of the Nation by providing 
certain liability protections to allow the vast resources of 
the national research and development enterprise to be engaged 
for securing the homeland.
    Given the significance and complexity of this 
groundbreaking statute, the Department of Homeland Security 
decided to develop and publish a regulation setting forth the 
Department's policies and procedures for its implementation. 
The Department solicited comments on the proposed SAFETY Act 
regulation this summer and published an interim final rule that 
was signed by Secretary Ridge on October 10th, incorporating 
suggestions from many of the thoughtful comments provided by 
almost 45 organizations and individuals during the first public 
comment period. Under the interim rule, we will continue to 
accept and entertain comments as we begin the process of 
executing the act. The Department is, under the rule, 
implementing the SAFETY Act within the Science and Technology 
Division and I, as Assistant Secretary, am responsible for 
evaluating applications and recommending to the Under Secretary 
for Science and Technology whether antiterrorism technologies 
should be approved or rejected for a designation or 
certification under the authority delegated to him by the 
Secretary under the regulation.
    Users of a technology designated as a qualified 
antiterrorism technology under the SAFETY Act enjoy significant 
liability protection. Specifically, liability is limited in 
scope to only the seller of the technology and is limited to an 
amount where the requisite insurance coverage does not 
unreasonably distort the price of the technology. The statute 
provides for a very broad definition of ``technology,'' 
including tangible products, software and services, including 
support services.
    The seven criteria specified in the statute for designation 
of a technology seek, in essence, three kinds of information. 
The first is technical. Does the technology work? Does it 
provide useful levels of performance in scenarios of interest? 
Is it mature? What specific threats does the technology 
address? What is the level of risk exposure to the public if 
the technology is not deployed? And then there are economic and 
actuarial issues. How does the risk of liability affect demand 
for the product toward its deployability? What are the 
liability risks? There are additional criteria associated with 
certification. In particular, detailed safety and hazard data 
are required in the statute in order for a technology to 
qualify for the government contractor defense presumption.
    This presents a very complex and unusual analytic 
challenge. We are striving for consistent and equitable 
methodologies that implement the intent of Congress while 
retaining flexibility to assess the vast array of potential 
technologies within a constantly changing threat environment. 
To do this we have created a SAFETY Act Office to house 
permanent Federal staff to oversee the effort. We have over 100 
government scientists and engineers in the Science and 
Technology Directorate along with the vast resources of our 
national labs to help evaluate the required data and perform 
the requisite analyses.
    We have, to assist us in these efforts, the support of Mr. 
Joe Whitley, the DHS General Counsel. He and his staff have 
played a pivotal role during the rulemaking process and are 
available to address legal policy issues as they arise.
    We have contracted with an FFRDC--or actually, we are in 
the process of contracting with an FFRDC to provide analytic 
support, and they bring a broad-capacity performing requisite, 
proven objectivity and ability to access both classified and 
proprietary data. They also provide a broad and deep capacity 
for performing the requisite economic analyses and have 
supplemented their expertise with specialists from a number of 
academic institutions. We're also working with academia, in 
particular Georgia State University, the University of Georgia 
and others to evaluate actuarial data.
    And then finally, we have contracted with Integrated Data 
Systems to develop and implement a Web-based application and 
evaluation tracking process. This is intended to provide an 
online tracking capability so that businesses can check the 
status of their applications and for the government to 
efficiently evaluate, monitor and archive the application.
    We've implemented a pre-application process to assist 
particularly small businesses in this process so they can get 
an initial read on their application without having to go 
through the trouble and expense of filling the full application 
out.
    Recently, I and my SAFETY Act team went on the road and 
held seminars and fielded questions in Dallas, Los Angeles, 
Atlanta, Chicago and, just this past Tuesday, in Washington, 
DC, to inform the American business community about the act and 
its implementation. The interim rule is in place. The 
application kit is available. The information seminars are 
complete. We are now initiating implementation of the act.
    Thank you for the opportunity to address this important 
issue with you today, and I look forward to your questions.
    Chairman Tom Davis. Thank you.
    [The prepared statement of Mr. Albright follows:]

    [GRAPHIC] [TIFF OMITTED] T1553.005
    
    [GRAPHIC] [TIFF OMITTED] T1553.006
    
    [GRAPHIC] [TIFF OMITTED] T1553.007
    
    [GRAPHIC] [TIFF OMITTED] T1553.008
    
    [GRAPHIC] [TIFF OMITTED] T1553.009
    
    [GRAPHIC] [TIFF OMITTED] T1553.010
    
    Chairman Tom Davis. Mr. Ruppersberger, I know you had to 
make----
    Mr. Ruppersberger. Thank you for letting me go, Mr. 
Chairman. First I applaud the committee and you, Mr. Chairman, 
for holding this hearing today on implementing the SAFETY Act. 
It is refreshing to be assessing the progress of implementation 
as that process is underway. It seems these issues often occur 
and come to our attention after a problem arises. As one who 
was not a Member of Congress when this legislation passed--and 
I understand the liabilities debate that took place--I think 
this oversight hearing is extremely important at this point in 
the process.
    I'm encouraged that Congress is working with the Department 
of Homeland Security and the other stakeholders to acquire the 
technology and tools we need so desperately to protect our 
country. Technology is an integral part of our world today. It 
is a critical tool to solve both business and government 
problems. Never has the need for advanced technology solutions 
been more important than in the war on terror.
    I agree with the research incentives the SAFETY Act 
provided to encourage the private sector to find the best tools 
available to help us achieve this victory but, as we all know, 
technology is not perfect, and there are inherent difficulties. 
Balancing the good with the problematic is the difficult 
challenge the Department of Homeland Security faces today. 
Balancing the realities of indemnity versus immunity is a 
difficult challenge for Congress. I commend the Department for 
making the rule process so open and public, and I hope that the 
comments offered will be carefully reviewed and incorporated 
into the final rule. Thank you.
    Chairman Tom Davis. Thank you very much.
    [The prepared statement of Hon. C.A. Dutch Ruppersberger 
follows:]

[GRAPHIC] [TIFF OMITTED] T1553.143

[GRAPHIC] [TIFF OMITTED] T1553.144

    Chairman Tom Davis. Let me ask, what has taken so long to 
get this thing up?
    Mr. Albright. Well, Mr. Chairman, we--as you know, the 
Department--the SAFETY Act in principle was signed into law on 
January 24th. The departmental resources became available on 
March 1st, and we published a draft rule, as you pointed out, 
this summer. As you well know, this is normally an 18-month 
process to get----
    Chairman Tom Davis. But we're fighting a war on terrorism, 
and we want to get these products in there. If it's business as 
usual in terms of moving things through, we're not going to 
accomplish the mission.
    Now, we had a huge fight on the Hill whether to take Mr. 
Turner's indemnification or to take this. The administration 
wanted this. I actually prefer Mr. Turner's, but I gave 
deference to the administration in terms of the way we do this. 
This act was passed so that we could encourage companies who 
have products that can help us fight the war on terrorism to 
participate in the government procurement process. These are 
companies that traditionally don't do it. That is the goal of 
this legislation, and we have companies out there screaming and 
not knowing what is going on. And, you know, the faster we get 
these products up and running, the safer we are. And I think 
that has been the purpose of it. I mean, Mr. Waxman talked 
about--his example really I don't think is correct under the 
law. My understanding is a SAFETY Act designation isn't valid 
if the technology doesn't perform as it's stated when it's 
approved by DHS. DHS will put the criteria around each approved 
designation. If the criteria aren't met, then there's 
liability. If the criteria are met, then you obviously don't 
have the same vulnerability. That was the purpose of this.
    Mr. Albright. Mr. Chairman, I would agree with you. This is 
not a situation where we want to perform business as usual. As 
I started to say, what we've done is we have taken a process 
that normally takes 18 to 24 months, and we've compressed it to 
7. This is an extraordinarily complex piece of legislation. 
It's short in the act, but it's very complex, and the 
complexities of the implementation are what led us to, in fact, 
publish a rule--have the desire to publish a regulation in the 
first place. And then as I pointed out in my opening comments, 
we've got a lot of very thoughtful responses from industry and 
from individuals about the draft rule that we felt it important 
to carefully consider and include where relevant in the draft 
interim rule. So actually I'm actually very proud of the fact 
that this Department has managed to get, as I said, a very 
lengthy regulatory process compressed to an extraordinarily 
short period of time.
    I do agree with your point. Let me just add that 
technologies that don't work, we intend, for example, to fully 
look at the set of technical data that is available for 
technologies and the test and evaluation data that's available, 
and look at the scenarios that are relevant to those 
technologies, and assess whether or not it, in fact, is 
effective. And if it turns out that it is not effective, then I 
would agree with you. I think that would then cause the 
technology to fall outside the contours of the designation----
    Chairman Tom Davis. Let me ask you this. Since this process 
is so complicated, since it's highly interactive, it's specific 
to each individual application, do we have any internal appeal 
process of the decision by the Secretary? Then it makes sense 
to provide some review process within DHS rather than subject 
applicants in the Department to a court review, which is what 
you get otherwise.
    Mr. Albright. I think actually the way you stated the 
question, that actually is a rationale for why we have not 
included a formal appeal process in this. This is, as you said, 
an extraordinarily complex and nuanced process with a great 
deal of interaction that occurs between the applicant fix and 
the reviewers. To put in an appeals process by someone who 
really hasn't been exposed to that very complex review of 
technical and financial and actuarial data would leave us open, 
frankly, to capriciousness, we think, and second-guessing. Or 
the person who would be conducting the appeal would be in a 
situation where they would just simply ask the Under Secretary 
for their opinion again, and they would get it again. So it 
either would fall into the category of a pro forma appeal or, I 
think, lead us down the path toward a capricious implementation 
of the act.
    Chairman Tom Davis. Well, let me ask you this. Do you think 
you're taking into account the users of the technology and 
their needs as opposed to what you think they need? I mean, do 
you have any conversations----
    Mr. Albright. Absolutely. Of course we're going to consider 
and provide considerable weight to the needs of the user 
community when considering the efficacy of the technology in 
question. There's a wide variety of such needs, and very 
different threat environments, large differences in the 
availability of existing countermeasures, and all of those 
things drove the need to maximize the flexibility of the 
implementation of the act and to avoid a one-size-fits-all 
implementation, as you're implying in your statement--in your 
question.
    It's important to know, however, that translating a user's 
effectiveness needs into measurable technical performance 
parameters is a complex and often difficult process, and as I 
would expect very close interaction between the scientists and 
engineers who must review the technical performance data and 
the user community, which, of course, is--they just want 
something that works.
    Chairman Tom Davis. Thank you.
    Mr. Bell.
    Mr. Bell. Thank you, Mr. Chairman. And thank you for your 
testimony here today.
    Since the Department is now seeking further comment on the 
interim rule, I'm curious as to when we could expect any new 
regulations from the Department coming forward.
    Mr. Albright. Let's see. The comment period is open for an 
additional 60 days, and at that time we would have to assess 
and review the comments and determine what changes are 
necessary in the finalization of the rule, if any, and then we 
would begin the process of finalizing the rule at that time.
    Mr. Bell. How long do you think the review process of the 
comments will take?
    Mr. Albright. It clearly depends on the complexity of the 
comments, but I would expect--in the last case it took a few 
weeks--so I would expect that to be the case this time around 
as well.
    Mr. Bell. As far as a timeline goal, do you have one as 
we----
    Mr. Albright. Let's see. You know, I always hesitate to 
nail myself down to a date, but let's say that--as I said, a 
comment period closes in 60 days; that's mid-December. So 
there's no reason why after the holidays you wouldn't see a 
final rule, say mid-January, something like that.
    Mr. Bell. As the Chair pointed out, it is a rather complex 
process, and I'm curious as to what is in place to protect the 
proprietary information throughout the entire process.
    Mr. Albright. It is our belief and the belief of our 
general counsel that current FOIA exemptions protect the 
proprietary nature of the information that would be provided in 
the application. And then, of course, there's also the Federal 
Trade Secrets Act which provides for criminal penalties for 
those who unlawfully disclose proprietary information to the 
public. So that is our belief at this time. We are, of course, 
continuing to review that. As you know, that is a comment we 
have received. We've received quite a few comments on that 
issue, and so we're continuing to review that, and should we 
find that, in fact, there is a need for additional protection 
of proprietary information, we will certainly work with 
Congress to make that happen.
    Having said that, I should point out that a Federal 
regulation can't trump FOIA, and so that's a statute. So if 
there is, in fact, a need for a change in law, then we would 
have to work with you to make that happen. But otherwise, it is 
our belief at this time that the current regulations, in fact, 
do provide adequate protection.
    Mr. Bell. What are some of the additional protections that 
have been discussed as possibilities?
    Mr. Albright. Well, the exemptions that exist today within 
FOIA, there's two of them. I think it's Exemption 4, which is 
disclosure of proprietary information, and then there's 
Exemption 1, which has to do with national security 
information. And as I pointed out, there's the Federal Trade 
Secrets Act. As I said, at this time we don't believe we need 
additional statutory relief in order to further protect the 
data. However, if, in fact, additional legal analysis indicates 
that there may, in fact, be an issue there, then we would have 
to come back to you with some specific proposals, I would 
suspect. We don't have those right now, though.
    Mr. Bell. And would that be after the comment period if 
that kind of recommendation----
    Mr. Albright. Actually, we are looking at this issue now as 
we speak.
    Mr. Bell. How did the Department determine that liability 
should only be against the seller?
    Mr. Albright. That was in the statute.
    Mr. Bell. And how does the Department decide that the 
designation should only be valid for a term of 5 to 8 years?
    Mr. Albright. OK. Good question. There is no magic to the 
5- to 8-year period. That was a judgment that we came to based 
on our understanding of the technology, the technological cycle 
and the potential changes in the threat environment.
    It's important to understand, though, that the period of 
designation just tells you that period over which you can sell 
technologies that, in fact, have these kinds of protections. A 
technology that is sold during the period over which the 
designation is applicable, those protections exist in 
perpetuity. I mean, we are rendering certain the protections 
granted to the seller for a particular technology. However, 
every 5 to 8 years, depending on the technology, they've got to 
come back and ask us if they can continue to sell that 
technology and continue to get that kind of protection.
    Mr. Bell. Thank you very much.
    Thank you, Mr. Chairman.
    Chairman Tom Davis. Thank you very much.
    The gentleman from Tennessee.
    Mr. Duncan. Thank you, Mr. Chairman.
    Mr. Secretary, I'm curious about how much interest there is 
in this so far. Do you have any idea, a rough guess, as to how 
many applications or any indications as to how many 
applications you might be receiving on this?
    Mr. Albright. Sir, that's an excellent question. So far 
we've received a very small number of applications. We hear 
anecdotally there is pent-up demand, but I couldn't tell you if 
we're going to get 50, 500 or 5,000.
    Mr. Duncan. How many people from the private sector have 
been showing up at these seminars or meetings that you've been 
holding?
    Mr. Albright. The one we had in Washington, DC, for 
example, had over 200 people present.
    Mr. Duncan. What about outside of Washington?
    Mr. Albright. Outside of Washington it ranged from 50 to 75 
typically.
    Mr. Duncan. And how many comments have you received thus 
far roughly?
    Mr. Albright. During the rulemaking process we received 
comments from 45 organizations. The total number of comments I 
don't have off the top of my head. It was----
    Mr. Duncan. And have almost all of these comments been 
favorable or supportive, or have some of the comments pointed 
out problems or questions about the law thus far?
    Mr. Albright. You're referring to the comments we got when 
we were out on the road in places around the country? I would 
say that the vast majority of comments we got were 
extraordinarily favorable. In fact, a uniform comment we got 
was they couldn't believe the Federal Government was doing 
this, going out and reaching out to the community in the way we 
were. But still this is a very complex rule, and it is 
something that needed to be explained. No, I don't recall any 
direct negative comments on the rule.
    Mr. Duncan. All right. Thank you very much.
    Chairman Tom Davis. Thank you very much.
    Mr. Schrock, questions?
    Mr. Schrock. Thank you, Mr. Chairman.
    Mr. Secretary, in putting forth the rules to implement this 
act, has DHS found specific statutory limitations that in your 
estimation hinder the full realization of the act, and if so, 
what recommendations do you have to the committee for potential 
changes to this act?
    Mr. Albright. That's an----
    Mr. Schrock. Is it going to be substantive enough for 
people to say, ``OK, we trust the government?'' Because as you 
said, whenever the government shows up with a briefcase and 
says, ``I'm here to help,'' people are automatically 
suspicious.
    Mr. Albright. Well, we've done everything we can to try to 
change that attitude with the private sector. I would say that 
I think it's premature to discuss any potential changes to the 
act. I think, as with anything that's as groundbreaking as this 
legislation is, I would not be at all surprised that as we get 
into the implementation process and start to execute the act, 
we're going to find a lot of issues that we may at some point 
come back to you and ask for some statutory relief. But right 
now I think it would be premature for me to say that there's 
anything that leaps out at us as being problematic.
    Mr. Schrock. I can certainly understand why the private 
sector would be hesitant to produce anything that might be put 
in place that they could get sued over. You know, suing is a 
national pastime in this country. Until last night we thought 
baseball was. I think that worries me, because we've got some 
wonderful technology out there, and I'm afraid we're going to 
stymie those folks who would come up with the technology, 
because they're scared to death they will get sued. I really 
worry about that.
    Mr. Albright. We couldn't agree with you more. We've heard 
anecdotally that contractors are having riders attached to 
their insurance forms that don't apply to--I mean, you're 
absolutely right. So we are obviously on board with this 
landmark legislation, and our job is to implement it as 
efficiently as we possibly can.
    Mr. Schrock. Thank you.
    Chairman Tom Davis. Thank you very much.
    Mr. Carter, any questions?
    Mr. Carter. Thank you, Mr. Chairman.
    Mr. Secretary, will the DHS utilize an expedited renewal 
process for applications?
    Mr. Albright. A renewal process for applications? Yeah. I 
think the answer is yes.
    Mr. Carter. Expedited?
    Mr. Albright. Sure. If the technology hasn't substantially 
changed, if the insurance regime that they are operating in 
hasn't substantially changed, and the threat environment hasn't 
substantially changed, then I would imagine it would be fairly 
straightforward.
    Mr. Carter. And how do you intend to deal with new 
developments to a particular antiterrorism technology that 
occur after it has received the designation to ensure that 
these developments are covered and can be deployed 
expeditiously?
    Mr. Albright. Well, there's two answers to that. Let me 
first start by saying that the SAFETY Act doesn't alter the 
competitive environment that the private industry operates in. 
So, for example, if you have a particular technology, and you 
have received SAFETY Act designation, and I have a technology 
that performs more or less the same function but can do it 
better, then I ought to be encouraged by the fact that you 
have, in fact, already received SAFETY Act designation and will 
go out and develop that product and apply for SAFETY Act 
designation and will compete with you in the marketplace.
    Mr. Carter. That is not what I really intended. What I 
intended was, let's say I have a product that's been approved, 
and because my company does--continues, we come up with a 
better mouse trap, we've got a better idea, a way to improve 
what we've already had approved by you. Can you--is that going 
to be the--redo the whole process, or will there be a method 
where you can shorten the process to add the technology?
    Mr. Albright. No. In fact, we have in the rule in our 
implementation process--what we have done is we have set the 
system whereby any substantial change, a significant change or 
modification to the device--actually, we are requiring, much 
like the FDA does, that people who make substantial changes to 
a device or a technology come to us and tell us about it, and 
then we will issue a certificate that says that, in fact, this 
is OK, that you can do this. And so we see that there's a 
significant benefit to that, which is what you just 
articulated, and that is that it prevents the developer or the 
seller from having to go through the process all over again. 
They can just simply come in and say, ``Hey, look, I've decided 
to quit making this out of plastic, I'm going to make it out of 
steel now,'' and we'll do a quick review of it to make sure 
there aren't any other changes and just simply issue them a 
certificate that allows them to keep their designation.
    Mr. Carter. Thank you. That answered my question.
    Thank you, Mr. Chairman.
    Chairman Tom Davis. Thank you very much.
    Mrs. Maloney, any questions?
    Mrs. Maloney. Thank you for having the hearing, and if I 
could place my opening comments in the record.
    Chairman Tom Davis. Absolutely. Without objection.
    [The prepared statement of Hon. Carolyn B. Maloney 
follows:]

[GRAPHIC] [TIFF OMITTED] T1553.011

    Mrs. Maloney. I think this is a very serious issue and one 
that needs balance. Just from New York City, we're still 
reeling from some of the aftermath of really being supportive 
to the contractors who rushed to the scene to save the lives of 
others, and now they're facing certain liability issues, when 
all they were trying to do was save the lives of others 
selflessly. So it's a very important area and one that needs 
review, and I am glad that we're having it.
    I'm interested in the new technologies you're seeing. In 
New York the telephones didn't work, the radios didn't work, 
and to this day they still don't work. Are you seeing new 
technologies on radios that could be implemented around the 
country for homeland security?
    Being a New Yorker, I'm concerned about the power grid. We 
just had a power grid shortage, and fortunately it was in the 
middle of the summer so we didn't lose any lives. If it had 
happened in the middle of the winter, people would have frozen 
to death. And I'm wondering, are you seeing new technologies 
for a power grid, and how we can protect this?
    Actually, Mr. Chairman, I think it might be interesting new 
technologies that we're seeing for homeland security, that you 
may be reviewing or seeing in the application process; it might 
be something that we might want to look at that we could take 
to our districts. And I would just like some comments on what 
new technologies are you seeing that you think would really be 
helpful to the country?
    Chairman Tom Davis. Mrs. Maloney, I think one of the 
problems is a lot of these technologies are hesitant to come 
forward until we get these regulations nailed down in a way the 
companies are willing to come forward and not incur a lot of 
liability. I mean, that is the issue. There are a lot of them 
out there. I'm sure you've seen a part of it, but there are----
    Mr. Albright. We've seen an enormous flood of people with 
excellent ideas, and they come from not just the people you'd 
expect them to come from, the big companies, the Lockheed 
Martins, those sorts of people. We see them from people--
inventors in garage shops, and there's been a flood of 
technology that has been coming at us over the past year and a 
half. I was at the Office of Homeland Security prior to my 
current position, and I saw a lot then, and I'm seeing a lot 
now.
    With regard to communications, I'd be happy to arrange to 
have a briefing with this committee on Project SAFECOM, which 
is managed by the Science and Technology Directorate in the 
Department. It is focused entirely on developing and 
implementing new technologies and standards for those 
technologies, not just for interoperable communications, which, 
of course, was one of the big issues that you had in New York 
right after September 11. We're all familiar, for example, with 
the story that the police department couldn't warn the fire 
department to get out of the second building.
    But also robust communications, your point is very well 
taken that when we talk to the user community, which we do 
spend a lot of time doing, their No. 1 priority is--obviously 
they're interested in interoperable communications, but they 
also want the communications that they have just within their 
own particular organization to work and continue to work in a 
robust fashion.
    So, yes, the answer is there's lots of ideas out there. We 
have programs in place to develop them, and I would be happy at 
some point to brief you on them.
    Mrs. Maloney. I'd like to say that during September 11, not 
only could they not talk--the police talk to the fire, but the 
fire couldn't even talk to each other.
    Mr. Albright. Exactly.
    Mrs. Maloney. So they couldn't even warn people that they 
were getting calls in from people in the buildings that had 
phones or cells or Blackberries or whatever, and they couldn't 
communicate to the people on the site where to go.
    And I want to share with my colleagues, when I went to the 
police station, they said the No. 1 thing they needed was 
radios. And so I thought, ``Who's got radios?'' The Defense 
Department. So I called Bill Young, and Bill Young organized a 
shipment of radios from the Defense Department to come into the 
fire and police so that they could communicate at Ground Zero. 
So that's one thing that this Congress organized the day after 
September 11.
    But I'm told they still can't communicate, and I would like 
to ask if the chairman could arrange that for Members that 
might be interested in it. I feel that if you can't communicate 
with each other, how can you solve a problem, a crisis? And 
regrettably, that is the world we live in now, and I look 
forward to working with you and with the other members of the 
committee on coming forward with a balanced solution that 
protects the individuals and protects the companies. So I thank 
you for your work.
    Chairman Tom Davis. Thank you very much.
    Let me just ask one last question. Once a company's product 
or service receives SAFETY Act designation certification, it's 
conceivable that this company could then have a very 
competitive advantage in the marketplace. As you adopt the 
rules, how do you view that? Is that a concern? Is it just the 
way it happens? Are there any specific provisions you've 
included in the interim rule to guard against a potential 
competitive advantage?
    Mr. Albright. No. Well, we certainly have thought about 
that, but, again, the SAFETY Act is not designed--we're not 
going to try to necessarily level the playing field among 
various technologies. In other words, if you have a contractor 
that sells a particular technology for a particular threat 
environment fix, and they happen to hustle up there and apply 
for SAFETY Act designation and get SAFETY Act designation, and 
then another competitor who chose--who sells perhaps 
substantially the same technology in the same threat 
environment, they may be--but doesn't hustle to get that 
application, then they may be a bit behind the power curve.
    However, having said that, we also in the regulation talked 
about the fact that we'll give great weight to what are called 
``substantially equivalent technologies.'' So if you have a 
technology that is basically the same as one that has already 
been approved, you will almost certainly get an expedited 
review.
    Chairman Tom Davis. Mr. Schrock.
    Mr. Schrock. Mr. Chairman, let me just ask one more thing. 
Can technology that already exists be designated as a qualified 
antiterrorism technology under the interim final rule? And can 
you explain the difference between technology that has been 
previously sold versus technology that has been previously 
deployed? I think the commercial folks are asking that and want 
to know the answer to that.
    Mr. Albright. The term ``deployment'' in the SAFETY Act is 
a purely technical matter, and what it means, in effect, is 
that something that has been fielded proximate to an act of 
terrorism, either--so technologies that have been--technologies 
that receive anti--the SAFETY Act designation will only get 
that designation if they have been deployed prior to the term 
over which the designation applies, and there's an important 
reason for that. We do not want to go backward in time and 
unravel causes of action that may have already accrued, you 
know, due to a prior event, for example.
    But having said that, we also understand that there are 
technologies that have been sold and fielded that pass all the 
technical criteria and meet all the various criteria associated 
with the SAFETY Act. And so the Under Secretary can, in fact, 
designate technologies that have been sold past a point, past a 
date of sale that is prior to when the designation is actually 
granted. And what that does is that relieves you of--let me 
give you an example of the situation where you could get an 
absurd result if you didn't do that. You may have technologies, 
for example, that are not widely deployed, they're extremely 
expensive, and the reason they're so expensive is because the 
cost of risk mitigation for them is very, very high. So you may 
have a jurisdiction, like, for example, Fairfax County, that 
can afford those technologies, and you may have other 
jurisdictions that cannot. And the Department of Homeland 
Security may decide that it's in the best interest of the 
Nation to assure a more wide deployment of that technology. OK. 
So that would then make that technology eligible for SAFETY Act 
protection. That would be if it passes all the other criteria. 
And we would so designate it. Having done that, the 
technologies that were sold in my example in Fairfax would fall 
into that category and would also receive the designation.
    Mr. Schrock. So people who have technology already before 
the next attack comes, are you saying they need to get to DHS 
to get the DHS stamp of approval?
    Mr. Albright. You've got to be a little bit careful, 
because, for example, the purpose of the SAFETY Act, as the 
chairman, for example, pointed out, is to assure that the 
technologies that would not otherwise be deployed to the extent 
that they need to be deployed are deployed.
    If we have technologies that are out there, and they are 
deployed to the extent they want to be deployed, and the 
insurance regime is acceptable to them, then it's hard to 
imagine that it was the intent of Congress to somehow indemnify 
them when, in fact, the purposes of the act have already been 
achieved, they have, in fact, been deployed.
    Now, of course, insurance environments change. There's a 
lot of stuff that was out there before September 11 that now 
can't get insurance. They've had riders attached to their 
policies, for example, and so, yeah, under those circumstances 
we would have to go back in and look carefully at the 
technology, review it and see if it should, in fact, receive 
the designation.
    Mr. Schrock. The premiums on these things, the insurance 
has to be out of sight.
    Mr. Albright. That's right. And so, again, prior deployment 
doesn't necessarily preclude designation. However, it doesn't 
form the decision.
    Mr. Schrock. Thanks. Thank you.
    Chairman Tom Davis. Mr. Carter, any additional questions?
    Mr. Carter. Thank you, Mr. Chairman.
    You've indicated that the application process will be 
interactive between DHS and the applicant. What assurances can 
you give us that the applicants will not be faced with 
information requests that are burdensome and will delay the 
certification of the product?
    Mr. Albright. We have an application. It's available on the 
Web today. We don't think it's burdensome. It's been through 
the regulatory process at OMB. They don't think it's 
particularly burdensome.
    I guess what I would say is that we have a set of criteria 
the statute requires us to evaluate, and that's our job to do 
what Congress told us to do in this case. We have asked for 
what was, in our view, the minimal amount of information needed 
in order to do what Congress told us to do. As I said in my 
opening statement, we are asking for whatever available data 
there may be to show that the technology is technically 
effective. We're asking contractors to tell us what the 
liability regime--what their risks are, what they feel their 
risks are, what the scenarios are that they think that this 
technology is going to be applicable for. And we're asking them 
to tell us something about what it takes to produce--what is 
the actual basis for the cost of the technology. After all, we 
are supposed to set the price of the liability risk--the risk 
insurance to be at a level that doesn't unnecessarily distort 
the price of the technology. To do that, we have to know the 
price of the technology, and so--and know the basis for that 
price.
    As I said, we have a heavy burden here to bear. I mean, 
after all, at the end of the day we are granting designation 
and, in effect, limiting the liability for people who might 
want to recover damages at some point. That's a burden that 
we're bearing, and we have to, I think, be very diligent in our 
review of the data to--and our request for data to assure that 
we have the information we need to have to evaluate the 
criteria.
    Mr. Carter. Well, I understand that, and that's talking 
about your application. It's been estimated by someone that it 
would take about 108 hours to fill out that application, but in 
an interactive situation where the developer or applicant is 
dealing interactively with a member of your organization, which 
means that other requests could be made of him, we need 
additional information, I'm just asking that could easily 
become burdensome, especially if someone had just got up on the 
wrong side of the bed some morning. They can make that very 
burdensome.
    Is there going to be some kind of criteria that keep that 
from being burdensome? And I can tell you from personal 
experience that I've dealt with Federal bureaucrats that if 
they got up on the wrong side of the bed could make life 
burdensome.
    Mr. Albright. Let me try and answer the question--maybe I 
can answer the question this way. Did you say someone told you 
it was 100 hours or days to fill out the application?
    Mr. Carter. They said hours. If it's days, that's pretty 
rough. Hours is rough.
    Mr. Albright. 100 hours is rough, but it's not overly 
rough, I would say. The way I would put it is that the 
Department of Homeland Security wants this legislation to 
succeed. We want this to work. As I've said, we've been very 
open. We've published this regulation with a comment period. We 
have, in fact, delayed release of the act from the date we 
originally said we would in order to assess those comments. We 
have an interim final rule where we are meeting for open 
comment. We've gone out on the road all over the country. I 
personally have done that with all of my staff to get input 
from the private sector, and we will continue to do that, 
because we really want this to work. And so if, in fact, it 
turns out to be the case that the balance between the burden on 
the seller and our ability to perform due diligence in the 
review of the application has gotten out of whack, then we will 
be the first people to try to go and fix that.
    Mr. Carter. And on the previous question, just out of 
curiosity for me, I'm making some assumptions, but I want to 
see if I've got them right. On a situation where there's 
existing technology that is deployed, the previous question 
that was asked, and they apply for the SAFETY Act, and the 
SAFETY Act assurances are granted, do you see that as 
grandfathering in all the previous implementation or not 
grandfathering it in?
    Mr. Albright. No, not grandfathering in all the previous 
implementation. For example, a lot of technologies have been 
deployed for purposes that have nothing to do with 
counterterrorism. Military technology is a perfect example of 
that. And the requirements threat, the set environment is very, 
very different. So, no, we're not going to grandfather things 
in.
    However, having said that, you know, if the insurance 
regime has--if you have a bunch of technology that is already 
out there and has been deployed, it's even been deployed for 
counterterrorism purposes, and the insurance regime that they 
are operating in has changed dramatically, so now they're 
literally taking the technology off the street, for example, in 
order to protect themselves, then you can bet we're going to 
look at that and expeditiously review those applications and 
make sure that doesn't happen.
    Mr. Carter. Thank you, Mr. Chairman.
    Chairman Tom Davis. Thank you very much. I don't see any 
other questions at this point. Thank you very much for being 
with us. We'll continue the dialog. We will take just a 2-
minute break while we get our next panel up here.
    [Recess.]
    Chairman Tom Davis. We are ready to start our second panel. 
We've got Harris Miller, the president of the Information 
Technology Association of America; Stan Soloway, the president 
of the Professional Services Council; and John Clerici, 
representing the U.S. Chamber.
    It's the policy of the committee that we swear you in 
before you testify, so if you would rise with me and raise your 
hands.
    [Witnesses sworn.]
    Chairman Tom Davis. Thank you very much.
    Harris, we will start with you; then Mr. Soloway; and then, 
John, you will be able to clean that up. Thank you all for 
being with us.

    STATEMENTS OF HARRIS N. MILLER, PRESIDENT, INFORMATION 
TECHNOLOGY ASSOCIATION OF AMERICA; STAN Z. SOLOWAY, PRESIDENT, 
 PROFESSIONAL SERVICES COUNCIL; AND JOHN M. CLERICI, ESQ., ON 
             BEHALF OF THE U.S. CHAMBER OF COMMERCE

    Mr. Miller. Mr. Chairman, members of the committee, many 
thanks for having me here today to allow ITAA to testify on the 
implementation of the SAFETY Act. This important legislation, 
as you noted, Mr. Chairman, is intended to facilitate the rapid 
development and deployment of technologies and services that 
offer remarkable potential to improve homeland security.
    I'm the ITAA president. ITAA is the Nation's leading and 
oldest trade association focusing on the diverse IT industry. 
It provides global public policy and national leadership to 
promote its continued rapid growth. We represent virtually 
every major Federal contractor and count among our membership a 
wide range of companies from the largest enterprise solutions 
providers to the smallest IT startups. We also serve as the co-
sector coordinator for the ICT sector as designated by DHS. I 
submitted my program statement for the record, Mr. Chairman, 
and I assume it will be included in the hearing record. I would 
like to extend my appreciation, Mr. Chairman, for your holding 
this important hearing today, one that was postponed while DC 
grappled with something even the SAFETY Act could not prevent 
during Hurricane Isabel.
    Let's be clear what this legislation is about. The citizens 
of this country look to government to protect our homeland. 
Government, in turn, wants to partner with industry to find the 
best technologies to fight terrorism. Effective implementation 
of the act is absolutely essential; on the other hand, poor 
implementation would inhibit access to great technologies.
    In Spring 2002, soon after September 11, I began to hear 
extremely serious concerns from member companies, large and 
small, about some Federal agencies wanting successful bidders 
on key contracts to indemnify the government against the risk 
of loss if an unforeseen problem arose on an antiterrorism 
technology solution under consideration by DHS. Insurers did 
not know what to make of such requests and were not prepared to 
insure against such requests. These requests for 
indemnification made CEOs and our member companies stop in 
their tracks and ask themselves whether they were willing to 
literally bet the company on a decision to obtain a Federal 
contract. There had to be a better solution than having the 
private sector self-insure and indemnify the government against 
loss. Your leadership and that of Congressman Turner were 
instrumental in focusing attention on this important issue, and 
eventually led to implementation and passage of the SAFETY Act, 
which, as you've correctly pointed out, is meant to limit, but 
not eliminate, the insurance risk and litigation costs to 
companies that do have qualifying technologies.
    ITAA has been very involved in the regulatory process to 
implement the SAFETY Act. We were one of the organizations that 
Dr. Albright referred to that provided extensive comments on 
the proposed rule, and we have been participating in the 
various parts of the road show that he described. We filed 
comments back in August. Frankly, we were pretty pleased with 
where DHS was heading, and we are still pleased with the 
overall positive approach. However, I would slightly disagree 
with something Dr. Albright said during his comments.
    I think industry is pleased that DHS is doing it. I think 
the concerns we have are how DHS is doing it, and that's what 
we're going to focus on today. For example, we are concerned 
with how DHS is going to go about prioritizing the application 
process. Congressman Duncan asked about how many applications 
they are likely to receive. I agree with Dr. Albright, no one 
really knows. But we have seen a tremendous amount of interest 
among membership. Programs that ITAA has done, including the 
program with you, Mr. Chairman, and Congresswoman Maloney in 
New York City recently, a program I did as recently as 
yesterday, in which I, explaining opportunities at DHS, time 
and time again questions came up about liability concerns. So, 
certainly, there are a lot of companies out there, technology 
companies, that are concerned about how this act is going to be 
implemented. So, I suspect it's going to be very important that 
the DHS come up with a clear policy to prioritize the 
application process.
    A second concern we have is that at times in the interim 
final rule, it suggests that the only group to benefit from 
this rule are going to be government contractors, rather than 
the American people. That is not true. Yes, it is true that 
getting the designation is a privilege, but the whole point of 
the act, as you pointed out, Mr. Chairman, and as DHS itself 
says, is to encourage a partnership; but you're not going to 
have a partnership if the partners do not start from the same 
premises.
    Let me give you an example. The Department's proposed rule 
says that the insurance of critical technologies to aid the war 
on terrorism could end up actually coming full circle. We 
started down this legislative road because the government was 
asking private companies to indemnify and, if necessary, to 
self-insure to sell to the government. The SAFETY Act, as you 
pointed out, is meant to solve this problem, but what happens 
if insurance cannot be obtained for technology at any cost that 
does not distort the price of the technology in ways the act 
protects against? What happens if that uninsurable technology 
is still needed by the government? As outlined in the interim 
final rule, DHS still wants the company to self-insure, so it 
seems we are back to the same place.
    A third concern has to do with the volume and kind of 
information that would be required. Congressmen in the last 
panel were asking about the number of hours that go into an 
application. DHS is estimating 180 hours, Congressman. Our 
companies looking at these applications think they may be 
closer to 1,000 hours. Now, that's an extremely heavy burden 
for a large company. It's a virtually impossible burden for a 
small to medium-sized company. We think we need to cut down 
this application process and make it much more manageable if we 
are really going to get the kind of applications we need to 
help protect the American people against terrorist attacks.
    The last issue I want to mention, Mr. Chairman, is the 
issue of confidentiality. We respectfully disagreed with the 
assessment of DHS that the current FOIA legislation gives 
adequate protection to the extremely sensitive data companies 
are going to have to share, and we have devised specific 
suggestions to DHS as to how to provide adequate protection, 
including using the FOIA exemption that you helped to pass 
through the Congress last year, or 2 years ago rather, as part 
of the DHS legislation, so we think that this issue of 
providing information and giving adequate protection needs to 
be tightened.
    Final point, Mr. Chairman: We don't think that DHS would 
further delay the implementation process, but the application 
kit which just became available yesterday is daunting. So 
basically what we are saying, Mr. Chairman, is, we hope DHS, on 
the one hand, will move ahead right away and begin accepting 
applications, but should it turn out that this application is 
too difficult to use, as we believe it is, we hope that DHS 
would quickly modify it down the road and not be locked into 
the application kit which was published yesterday.
    Thank you very much, Mr. Chairman. I look forward to 
questions from you and your colleagues.
    Chairman Tom Davis. Thank you very much.
    [The prepared statement of Mr. Miller follows:]

    [GRAPHIC] [TIFF OMITTED] T1553.012
    
    [GRAPHIC] [TIFF OMITTED] T1553.013
    
    [GRAPHIC] [TIFF OMITTED] T1553.014
    
    [GRAPHIC] [TIFF OMITTED] T1553.015
    
    [GRAPHIC] [TIFF OMITTED] T1553.016
    
    [GRAPHIC] [TIFF OMITTED] T1553.017
    
    [GRAPHIC] [TIFF OMITTED] T1553.018
    
    [GRAPHIC] [TIFF OMITTED] T1553.019
    
    [GRAPHIC] [TIFF OMITTED] T1553.020
    
    [GRAPHIC] [TIFF OMITTED] T1553.021
    
    [GRAPHIC] [TIFF OMITTED] T1553.022
    
    [GRAPHIC] [TIFF OMITTED] T1553.023
    
    [GRAPHIC] [TIFF OMITTED] T1553.024
    
    [GRAPHIC] [TIFF OMITTED] T1553.025
    
    [GRAPHIC] [TIFF OMITTED] T1553.026
    
    [GRAPHIC] [TIFF OMITTED] T1553.027
    
    [GRAPHIC] [TIFF OMITTED] T1553.028
    
    [GRAPHIC] [TIFF OMITTED] T1553.029
    
    Chairman Tom Davis. Stan, welcome.
    Mr. Soloway. Thank you, Mr. Chairman.
    The professional Services Council is pleased to respond to 
your invitation to testify this morning on the SAFETY Act. PSC 
is the leading national trade association representing the 
professional and technical services companies doing business 
with the Federal Government, and our members are among the 
leaders in the provision of homeland security and national 
security technologies and related services.
    As we know, effective prosecution of the war on terror 
requires that the U.S. Government and others have access to the 
full range of technologies and technology-based solutions. For 
many of these solutions, the potential for aiding in this 
crucial battle are quite significant, but so too are the 
liabilities. As such, providing an appropriate degree of 
protection against those liabilities is vital.
    Such liability protection for other technology areas is 
both common and accepted; for example, the Defense Department 
has long had the authority to address extraordinary risks in 
its contracts. The security provided is essential to both 
contracting parties. These and related liability protections 
are not designed to protect companies from their day-to-day 
responsibility for performance. Rather, they exist to provide a 
reasonable degree of protection in the event of an occurrence 
that is anything but routine.
    Our ability as a Nation to capture and utilize needed 
technology for homeland security requires us to understand and 
address this fundamental reality. As such, PSC and others have 
been actively involved in the discussions over the acquisition 
policy and liability protection provisions of the legislation 
creating the Department of Homeland Security and under the 
SAFETY Act.
    Mr. Chairman, you and others on this committee immediately 
recognized the importance of this issue and proposed 
legislation to extend indemnification protections to 
antiterrorism technologies, similar to the ``extraordinary 
relief'' provisions afforded to defense technologies. We 
supported that proposal and continue to believe it is an 
important part of the solution. Others proposed a tort reform 
approach to strictly limit the liabilities that any one 
technology developer-owner would face. Each of these approaches 
has merit. Most importantly, Congress recognized the importance 
of providing such protections and, in the end, decided to enact 
a tort reform regime through the SAFETY Act. PSC strongly 
supports the act and compliments the Department for issuing its 
interim final rules this week.
    The SAFETY Act represents an important step toward ensuring 
the government's ability to access the full scope of 
antiterrorism technologies and capabilities. However, from the 
perspective of the technology services base, PSC remains 
concerned that the regulations do not adequately address the 
critically important specifics relating to the act's 
application to services in particular. Since services will 
account for a substantial portion of the procurements of the 
antiterrorism technologies and solutions, this is an issue of 
significant importance.
    The very nature of technology means that the provision of 
services differs in many critical respects from the provision 
of goods. It is important, for instance, to recognize that the 
services provider might require qualification eligibility for a 
broad business area, rather than for a discrete technology use. 
The interim rule narrowly prescribes the scope of coverage by 
focusing on a deployed technology.
    Similarly, the review and approval process must be 
sufficiently flexible to address the special characteristics of 
these services offerings. For example, many solutions evolve 
and cannot be completely defined or fixed in advance. It is 
therefore important to provide coverage when systems design, 
for instance, is part of the contract performance. The 
regulations seem to assume the opposite. In the absence of such 
protections, sellers may be unwilling to bring technologies to 
market.
    On the positive side, we compliment the Department for 
outlining in the notice accompanying the proposed interim rules 
the Department's regulatory philosophy and interpretations. To 
add further clarity, we recommend that the Department 
incorporate these statements and views into the final 
regulations themselves. That way, all participants will have 
ready access to the information and be able to use that 
information directly in the application and interpretation of 
the specific provisions of the regulations.
    We also support the strong statutory and regulatory 
statements of coverage regarding services. The law is also, 
properly, technology-neutral with respect to the scope of 
coverage and the protections offered. In our view, the 
regulations must be written in a neatly technology-neutral 
manner to the maximum extent practicable.
    We support the broad definition of the term ``qualified 
antiterrorism technologies'' under the law and regulations. The 
categories of technologies that are available for designation 
must continue to be viewed broadly. This is particularly 
important in the services sector.
    However, the interim rule states that a designation will 
only be valid for being 5 to 8 years. In our view, absent the 
change in circumstances initiated by the seller after the 
Department's approval of the designation, there is no public 
policy reason to impose any fixed period of time on the useful 
life of the designation period. Further, under the interim 
rule, a designation will terminate automatically and have no 
further force or effect if the solution is significantly 
changed or modified. We strongly oppose the automatic 
termination of the designation. We believe each case will have 
its own circumstances and should be treated as such, 
particularly in the services realm where the focus is on 
evolving solutions, rather than on static devices.
    With respect to the certification of an application of a 
government contractor, we encourage the Department to use its 
rulemaking authority to recognize that some of the information 
to support applications for certification may be available and 
applicable to products but not for services.
    With respect to the issue of proprietary information, the 
interim rule, while appropriately recognizing the importance of 
such protection, regrettably does not define the procedures 
that applicants should follow to ensure that their proprietary 
data and trade secrets are protected. We strongly recommended 
before and continue to recommend that the Department develop a 
proprietary data-marking or other application notice by which 
applicants highlight or disclose those portions of the 
application that are proprietary.
    Finally, with respect to the relationship between the 
SAFETY Act and Public Law 85-804, ``Extraordinary Relief,'' we 
compliment the Department for acknowledging the 
interrelationship between these two important government 
contracting statutes and for recognizing that there are 
circumstances under which 85-804 relief will be appropriate. 
However, because there are some intrinsic and potentially 
unsolvable tensions associated with the SAFETY Act's 
effectiveness in the services sector, we continue to believe it 
important that the 85-804 authorities be clear and 
appropriately available. We recommend, therefore, that the 
Department create a new section in the regulations to 
specifically address this important matter.
    Mr. Chairman, PSC supports the SAFETY Act and encourages 
the Department to move expeditiously with finalizing 
regulations, processing applications, and addressing the issues 
that we and others have raised. This law, in its implementing 
regulations, is designed to create an incentive for the 
deployment and development of technologies that will enhance 
our domestic security; and we hope these technologies work so 
well the United States never again faces a terrorist attack, 
but we must be prepared.
    PSC would welcome the opportunity to work with you and the 
committee, the House Select Committee, and the Department on 
the further development of the regulations and in monitoring 
the implementation of the SAFETY Act. Thank you for the 
opportunity to testify today. I would be happy to answer any 
questions.
    Chairman Tom Davis. Thank you very much.
    [The prepared statement of Mr. Soloway follows:]

    [GRAPHIC] [TIFF OMITTED] T1553.030
    
    [GRAPHIC] [TIFF OMITTED] T1553.031
    
    [GRAPHIC] [TIFF OMITTED] T1553.032
    
    [GRAPHIC] [TIFF OMITTED] T1553.033
    
    [GRAPHIC] [TIFF OMITTED] T1553.034
    
    [GRAPHIC] [TIFF OMITTED] T1553.035
    
    [GRAPHIC] [TIFF OMITTED] T1553.036
    
    Chairman Tom Davis. Mr. Clerici, welcome.
    Mr. Clerici. Thank you, Mr. Chairman, and members of this 
committee. It's an honor for me to testify before you today 
regarding the SAFETY Act and its impact on deploying safe and 
effective antiterrorism technologies in the United States and 
abroad. I applaud the leadership that you, Mr. Chairman, and 
this committee have shown in the areas, of Federal procurement 
policy, national security and homeland security.
    I appear before you today representing the Chamber of 
Commerce of the United States of America. The Chamber is the 
world's largest business federation, representing more than 3 
million businesses and organizations of every size, sector and 
region. My testimony is based on over 24 months of direct 
experience advising large government contractors, 
pharmaceutical companies, biotech companies, and small 
businesses throughout America and, indeed, throughout the 
world, on how to bring the best possible homeland security and 
antiterrorism solutions to both government and private markets.
    Let me begin by saying that the Chamber applauds the 
Department of Homeland Security in its effort to ensure that 
the SAFETY Act provides the full protections intended by 
Congress. Clearly, the interim regulations' dual goals of 
certainty and flexibility are in keeping with the spirit of the 
SAFETY Act. Most significantly, the Chamber wholly endorses the 
Department's proper interpretation of both the jurisdictional 
consequences of the statute--namely, that only the seller of 
designated and qualified antiterrorism technologies is a proper 
defendant in any action arising out of an act of terrorism--and 
the impact of the statutory ``government contract or defense'' 
as providing early dismissal from any tort suit involving a 
certified qualified antiterrorism technology following an act 
of terrorism.
    The Chamber appreciates the Department's and this 
committee's recognition here today that there exist a number of 
antiterrorism technologies that have not and cannot be deployed 
by sellers unless and until they receive designation and/or 
certification under the SAFETY Act. The Chamber applauds this 
recognition and the Department's efforts to stimulate 
applications, including its innovative preapplication process. 
The Department also acknowledges that several technologies 
already have been deployed without protections of the SAFETY 
Act. However, while the interim rules attempt to address the 
issue of retroactive application of the protections of the 
SAFETY Act to such technologies, as we heard earlier today in 
response to Congressman Schrock's question, the Department 
appears to have too narrowly limited the possibility of such 
retroactive application. Clearly, Congress did not intend to 
limit the scope of the SAFETY Act only to newly developed 
technologies.
    With respect to the retroactive application of the SAFETY 
Act, in the Chamber's view, so long as no cause of action has 
been accrued--that is, there has been no terrorist incident 
involving an antiterror technology resulting in a lawsuit 
against a seller--the Department may provide SAFETY Act 
protection retroactively to previously deployed technologies 
that are substantially identical to a qualified antiterrorism 
technology. Nothing in the statute limits such an action. The 
Chamber intends to provide additional comments to urge 
clarification of this point and changes to the interim rule.
    With respect to the precise types of technologies meriting 
protection of the SAFETY Act, Section 865(l) of the act notes 
that qualified antiterrorism technologies may include 
technologies deployed for the purpose of, ``limiting the harm 
such acts [of terrorism] might otherwise cause.'' The ``harm'' 
that might be caused by an act of terrorism clearly goes beyond 
the immediate effects of the act itself. An act of terrorism 
such as the attacks of September 11 or the October 2001, 
anthrax attacks triggers a number of immediate remedial and 
emergency responses to limit the resulting harm and deter 
followup attacks. For example, immediately following the 
detection of anthrax in the offices of Senator Tom Daschle and 
Senator Patrick Leahy, Members of Congress and their staffs 
were treated with antibiotics and other prophylactic measures 
with the specific goal of limiting the harm that this act of 
terrorism could cause. Clearly, any injuries that might have 
been caused by the administration of these treatments, even 
though direct results of the act of terrorism itself, could be 
directly traced to the act and the objective of limiting the 
resulting harm. Moreover, any claims brought as a result of 
such injuries would clearly be arising out of, relating to, or 
resulting from an act of terrorism.
    Congress recently acknowledged that technologies designed 
to limit the harm from an act of terrorism that may result in 
harm not directly caused by the act of terrorism are protected 
by the SAFETY Act. In the legislative history of the ``Project 
Bioshield Act of 2002,'' Congress stated that the Secretary of 
Homeland Security is ``encouraged to designate [biodefense] 
countermeasures as 'qualified antiterrorism technologies'.'' 
The Department should affirm this congressional statement that 
technologies deployed after a terrorist attack with the hope of 
limiting harm may receive such designation.
    The Chamber appreciates that the Department has taken 
positive steps to more narrowly define the, ``substantial 
modification'' as one that significantly reduces safety and 
effectiveness and its willingness to promptly review notices of 
modification.
    Unless the Department informs the seller otherwise, 
however, these designations should remain in force. Only upon a 
showing and a determination by the Department that there has 
been a significant change or modification should the Secretary 
be able to affirmatively terminate a designation. It should 
only take effect upon written notice to the seller.
    The Chamber appreciates the opportunity to offer testimony 
on this very important statute. Achieving the objectives of 
certainty and flexibility in implementing the SAFETY Act are of 
the utmost importance to ensuring the homeland's protection and 
the protection of national security. We applaud your efforts 
and the efforts of the Department and look forward to the 
implementation of the act.
    Thank you, Mr. Chairman.
    Chairman Tom Davis. Thank you very much.
    [The prepared statement of Mr. Clerici follows:]

    [GRAPHIC] [TIFF OMITTED] T1553.037
    
    [GRAPHIC] [TIFF OMITTED] T1553.038
    
    [GRAPHIC] [TIFF OMITTED] T1553.039
    
    [GRAPHIC] [TIFF OMITTED] T1553.040
    
    [GRAPHIC] [TIFF OMITTED] T1553.041
    
    [GRAPHIC] [TIFF OMITTED] T1553.042
    
    [GRAPHIC] [TIFF OMITTED] T1553.043
    
    Chairman Tom Davis. Let me ask each of you: Do you have 
suggestions for DHS to expedite the review process so that it 
is responsive to the need to deploy antiterrorist technologies?
    Mr. Miller. I think the first suggestion is prioritization, 
and we go back to work with DHS, but certainly some things they 
should look to are procurements that are actively under way; 
that would be one priority. They should look to prioritize 
applications related to procurement already under way.
    The second principle they could look to for prioritization 
would be technologies that they've advanced as being 
priorities, and that's what Science and Technology does to some 
extent. They list out there for public consumption or, if not 
appropriate, for internal consumption, the types of 
technologies they believe are priorities. So if, as we expect, 
they get a flood of applications, we think it's going to be 
absolutely necessary that they come up with some way of 
prioritizing these applications; otherwise, some of the key 
technologies may fall into the bottom of the pile and not get 
designations early enough in meeting the needs of the American 
people so many will incorporate.
    Another area that we touched on is the clarity of the 
regulations themselves. The process is going to be driven, by 
and large, by the degree the parties understand what the 
philosophy and interpretations of the Department are going to 
be and how it's going to work in critical areas, particularly 
when it comes to services and discrete products. That in itself 
will drive timelines for the application process and the 
discussions back and forth and trying to figure it all out.
    Mr. Clerici. Mr. Chairman, I think the proof is in the 
pudding how they interpret the responses to their application. 
If Dr. Albright's testimony of 100 hours is to be correct in 
the preparation, then hopefully DHS will not drill down to the 
extent that Congressman Carter mentioned and get these 
applications approved. The framework is there for them to do it 
expeditiously. It's just a question of whether they are going 
to be willing to do so.
    Mr. Miller. I don't mean to be cute, Mr. Chairman, but if 
they shorten the application, they shorten the review process, 
too.
    Chairman Tom Davis. Absolutely. When we passed the bill, it 
was a matter of some urgency. The American people said it in 
the election. And the longer the bureaucratic process--and 
ultimately I can give my opinion, DHS can give their opinion--
ultimately, the result is going to be the companies coming in 
and offering their services or their products--or not if 
they're deterred from doing it. That's why what industry thinks 
is far more important than what happens ordinarily, because if 
we can't get these products in the government marketplace, we 
are not going to be able to make use of the newest 
technologies.
    We have a vote on. I am going to try to get our questions 
in, because we have about five votes, and let you all go. So 
I'm going to move quickly to Mr. Bell.
    Mr. Bell. Thank you very much, Mr. Chairman.
    Mr. Miller, I was fascinated by your testimony regarding 
the application process. The thousand hours, how do you 
calculate that?
    Mr. Miller. We did it informally, an unscientific poll with 
many of our member companies by e-mail, and we asked them the 
estimates that they would fill out the application, based on 
the various drafts that are floating around even before they 
were published, and we got ranges. The lowest range we got was 
about 500 hours. We got some that estimated it would be 1,500, 
and we just averaged it out as 1,000 hours. This was based on 
asking government contractors who are used to filling out these 
kinds of applications.
    What they particularly found daunting, Mr. Bell, was the 
incredibly extensive financial information, much of it 
extremely confidential and sensitive. But we don't really feel 
it's necessary for DHS to make the kind of judgments they need 
to make as to whether or not this technology does or does not 
have a place in the marketplace. We think we understand what 
DHS is trying to achieve. They're trying to understand whether 
this technology would otherwise go in the marketplace if they 
did not get the designation by DHS. We understand that, but the 
kind of information they requested would take a brilliant 
econometrician months to analyze, and it seems to me to be too 
academic an exercise.
    Dr. Albright, to his credit, during his presentation to 
this committee, gave a couple simple rules of thumb. Why are 
they deployed already? Is there insurance in the marketplace? 
Those should be simple questions DHS should ask, not an 
incredible amount of financial information and then make some 
kind of a guess about whether this product will actually show 
in the marketplace in the absence of this designation.
    Mr. Bell. Well, certainly the individuals who came up with 
an application that would take 1,000 hours would be up for some 
kind of bureaucratic award or high honor, I would think. It's 
an extraordinary accomplishment.
    Chairman Tom Davis. The lawyers love it, don't they?
    Mr. Miller. That's why we poll our members and not our 
lawyer members.
    Mr. Bell. What else can be changed about it, if any of the 
others would like to weigh in on this? The financial 
information, but what else would you recommend?
    Mr. Miller. From what we can tell, the scientific 
information we are requesting seems to be reasonable. I don't 
think our company would have objections to that, because 
obviously that's the information on which the Science and 
Technology Director is going to make his decisions. Most that 
we objected to was incredibly detailed and, as we saw it, 
basically irrelevant financial information.
    Mr. Soloway. I would also add that, in the area of 
protecting proprietary data and trade secrets, although I think 
the Department's intentions are correct there's a very unclear 
process as to how you get the protections you need; and as you 
can imagine, in the technology industry, that is something in 
terms of a company's capital. And so a clear process in the 
applications and in the regulations for getting that adequate 
protection is critical.
    Mr. Clerici. Congressman Bell, I think much of the 
information that's requested, safety and efficacy data, whether 
you've got the proper amount of insurance with the market, is 
something a responsible corporation has to do for its 
shareholders every day. The Department should rely, 
particularly with respect to public companies, on what is being 
done internally to mitigate risks, rather than trying to invent 
a separate scheme that is somehow codified in the regulations. 
The parameters of the statute are quite clear, and you can 
round these bases not easily, but with a little bit of thought, 
in gathering the information that is usually already at the 
disposal of the company.
    Mr. Miller. This is the application, so just to give you 
some idea.
    Chairman Tom Davis. We will put the application in the 
record.
    Mr. Miller. It's the form and the background material; 40-
some pages, I believe.
    [The information referred to follows:]

    [GRAPHIC] [TIFF OMITTED] T1553.044
    
    [GRAPHIC] [TIFF OMITTED] T1553.045
    
    [GRAPHIC] [TIFF OMITTED] T1553.046
    
    [GRAPHIC] [TIFF OMITTED] T1553.047
    
    [GRAPHIC] [TIFF OMITTED] T1553.048
    
    [GRAPHIC] [TIFF OMITTED] T1553.049
    
    [GRAPHIC] [TIFF OMITTED] T1553.050
    
    [GRAPHIC] [TIFF OMITTED] T1553.051
    
    [GRAPHIC] [TIFF OMITTED] T1553.052
    
    [GRAPHIC] [TIFF OMITTED] T1553.053
    
    [GRAPHIC] [TIFF OMITTED] T1553.054
    
    [GRAPHIC] [TIFF OMITTED] T1553.055
    
    [GRAPHIC] [TIFF OMITTED] T1553.056
    
    [GRAPHIC] [TIFF OMITTED] T1553.057
    
    [GRAPHIC] [TIFF OMITTED] T1553.058
    
    [GRAPHIC] [TIFF OMITTED] T1553.059
    
    [GRAPHIC] [TIFF OMITTED] T1553.060
    
    [GRAPHIC] [TIFF OMITTED] T1553.061
    
    [GRAPHIC] [TIFF OMITTED] T1553.062
    
    [GRAPHIC] [TIFF OMITTED] T1553.063
    
    [GRAPHIC] [TIFF OMITTED] T1553.064
    
    [GRAPHIC] [TIFF OMITTED] T1553.065
    
    [GRAPHIC] [TIFF OMITTED] T1553.066
    
    [GRAPHIC] [TIFF OMITTED] T1553.067
    
    [GRAPHIC] [TIFF OMITTED] T1553.068
    
    [GRAPHIC] [TIFF OMITTED] T1553.069
    
    [GRAPHIC] [TIFF OMITTED] T1553.070
    
    [GRAPHIC] [TIFF OMITTED] T1553.071
    
    [GRAPHIC] [TIFF OMITTED] T1553.072
    
    [GRAPHIC] [TIFF OMITTED] T1553.073
    
    [GRAPHIC] [TIFF OMITTED] T1553.074
    
    [GRAPHIC] [TIFF OMITTED] T1553.075
    
    [GRAPHIC] [TIFF OMITTED] T1553.076
    
    [GRAPHIC] [TIFF OMITTED] T1553.077
    
    [GRAPHIC] [TIFF OMITTED] T1553.078
    
    [GRAPHIC] [TIFF OMITTED] T1553.079
    
    [GRAPHIC] [TIFF OMITTED] T1553.080
    
    [GRAPHIC] [TIFF OMITTED] T1553.081
    
    [GRAPHIC] [TIFF OMITTED] T1553.082
    
    [GRAPHIC] [TIFF OMITTED] T1553.083
    
    Mr. Bell. What is the normal response?
    Mr. Miller. Well, you're talking about people supplying 
notebooks of financial and scientific information to back up 
their application and response. That's why we came up with the 
estimate of approximately 1,000 hours, which goes to the 
Congressman's earlier question.
    Mr. Bell. On the liability, I will be clear on that from 
where you all are. Is there a misunderstanding in the industry 
about the limitations on liability, or is it your suggestion to 
suggest we go further in limiting the liability?
    Mr. Miller. We didn't respond to this hearing in terms of 
suggested changes to the legislation. We were just commenting 
specifically on the regulations.
    Mr. Bell. You mention in your testimony that the liability 
questions are causing a lot of problems.
    Mr. Miller. Oh, just generally because the SAFETY Act has 
not been implemented. I think I was trying to make the point, 
Mr. Bell, maybe not eloquently, that exactly as Chairman Davis 
said, I've rarely had an occurrence where CEOs and member 
companies call me at night because a regulation was published.
    But I can tell you that, looking back to March 2002 when 
one of the first requests for proposal came out that had this 
self-insurance requirement, I literally had CEOs finding me at 
home at night saying, ``ITAA has to make this their No. 1 
priority; we cannot bid in good conscience on these Department 
of Homeland Security contracts, when we're literally betting 
the company.'' And these were company CEOs of, in some cases, 
multibillion-dollar companies. That's how negative the initial 
reaction was and why the legislation that was enacted was so 
important and how the implementation of it was critically 
important.
    Mr. Soloway. Let me just second Harris' comments, that 
we've had dozens of company executives talking to us about this 
issue, even before the passage of the legislation. It's not a 
question of the extension or extent of liability. It's a 
question of how you can obtain appropriate protection and the 
interplay between this act, Public Law 85-804 for extraordinary 
relief, and the different tools that are available to make sure 
the government can get what it needs and provides the 
protections. So it's really a question of bringing it together 
in a clear way, and I think there is a lot of work to do in 
that area.
    Mr. Clerici. And I can say in my personal experience in the 
past few years, there has been an entire division of a company 
depending on whether risk mitigation could be accomplished. In 
one instance, the division suffered because the SAFETY Act was 
not in place and those jobs were lost; in the next one, 
hopefully we'll have the SAFETY Act up and running.
    Mr. Bell. Thanks a lot.
    Thanks, Mr. Chairman.
    Chairman Tom Davis. Mr. Schrock.
    Mr. Schrock. I'll be very brief because we have six votes, 
and we're not professors, so you're not required to stay in 
class past 20 minutes.
    Mr. Miller, you talked about Isabel. I represent Virginia 
Beach and Norfolk where there's massive amounts of military, 
maybe 125 ships in a massive commercial port. What a perfect 
opportunity for the terrorists to get in there, and to get in 
here too.
    You talked about protecting the IT companies. Is it a 
``hold harmless'' agreement? We used to have people sign ``hold 
harmless'' things, so that if something happened to them the 
Navy couldn't be held accountable. Is that an answer to this? 
The lawyers wouldn't like it; and the chairman is right, he is 
one, so he knows what he talks about. Is that an answer?
    Mr. Miller. Industry is not saying there should not be 
liability whatsoever. There is an industry that will offer 
certain-level protections.
    The world has changed since September 11. As Mr. Soloway 
pointed out in his testimony, the idea between the Congress and 
the government saying to government contractors, ``In extreme 
situations when insurance is not available in the marketplace, 
we are going to offer you some protections,'' is not new. It 
goes back almost 50 years, Mr. Schrock, in the Department of 
Defense. It's used in the nuclear industry; it's used in the 
space launch industry. It was used at the time of development 
of Cipro in order to respond to the anthrax scare in this 
country. Those were situations where they said, ``We can't deal 
with this situation. There were no actuarial tables that gave 
us the ability to insure, so that's why the SAFETY Act is so 
critical.
    Not to say that the companies have zero liability, not to 
say they should be able to commit fraud, but in these extreme 
situations, if they don't have some limitation of liability, 
particularly when DHS reviews and approves their technology and 
services as Mr. Soloway pointed out, that's the only way to get 
these products to the public and ultimately to protect the 
American people.
    Chairman Tom Davis. There's got to be some limit somewhere, 
some reasonable limits.
    Mr. Schrock. It seems like there's a real disconnect 
between what the three of you say and what our previous person 
who testified said. It's like you're worlds apart. Have you all 
sat down with the DHS? You all have done that?
    Mr. Miller. We've had extensive discussions with DHS, 
collectively and independently. I think each of us, 
independently and collectively. In fact, ITAA and PSC worked 
very closely together on comments on the rule and so forth, so 
we've worked very closely with the Department and actually 
think the Department has made significant progress here. We 
don't want to be overly negative.
    What we're concerned about is, if there's a perception that 
the job is now completed and executed and we've got significant 
hurdles to overcome in bringing these products and services to 
the market, there are some realities that have to be addressed, 
issues of clarity, as I said earlier; and I don't want to harp 
on it again.
    There is a vast difference in buying a product or device 
and buying an evolving service which could be developed over 
time and constantly upgraded. A lot of discussion around the 
rule seems to focus more on the presumption of product than a 
service, and there are big differences that have to be 
overcome.
    Chairman Tom Davis. We want to make the vote and I don't 
want to keep you. We will be probably close to an hour over 
there voting.
    I want to allow you to supplement over the next 5 days, 
anything you want to add on this. We've had other questions, 
but we've been obviously in constant dialog. I appreciate your 
being here, and I hope that the Department understands this 
continues to be an ongoing discussion, that the interim 
regulations are really not where we need to be.
    At the end of this--I think you've articulated this--at the 
end of the day, the question is, ``are we getting the products 
in or aren't we?'' And there are still a lot of concerns, but I 
appreciate your being here and I'm going to adjourn the 
meeting. Thank you.
    [Whereupon, at 11:30 a.m., the committee was adjourned.]
    [The prepared statement of Hon. Elijah E. Cummings and 
additional information submitted for the hearing record 
follows:]

[GRAPHIC] [TIFF OMITTED] T1553.084

[GRAPHIC] [TIFF OMITTED] T1553.085

[GRAPHIC] [TIFF OMITTED] T1553.086

[GRAPHIC] [TIFF OMITTED] T1553.087

[GRAPHIC] [TIFF OMITTED] T1553.088

[GRAPHIC] [TIFF OMITTED] T1553.089

[GRAPHIC] [TIFF OMITTED] T1553.090

[GRAPHIC] [TIFF OMITTED] T1553.091

[GRAPHIC] [TIFF OMITTED] T1553.092

[GRAPHIC] [TIFF OMITTED] T1553.093

[GRAPHIC] [TIFF OMITTED] T1553.094

[GRAPHIC] [TIFF OMITTED] T1553.095

[GRAPHIC] [TIFF OMITTED] T1553.096

[GRAPHIC] [TIFF OMITTED] T1553.097

[GRAPHIC] [TIFF OMITTED] T1553.098

[GRAPHIC] [TIFF OMITTED] T1553.099

[GRAPHIC] [TIFF OMITTED] T1553.100

[GRAPHIC] [TIFF OMITTED] T1553.101

[GRAPHIC] [TIFF OMITTED] T1553.102

[GRAPHIC] [TIFF OMITTED] T1553.103

[GRAPHIC] [TIFF OMITTED] T1553.104

[GRAPHIC] [TIFF OMITTED] T1553.105

[GRAPHIC] [TIFF OMITTED] T1553.106

[GRAPHIC] [TIFF OMITTED] T1553.107

[GRAPHIC] [TIFF OMITTED] T1553.108

[GRAPHIC] [TIFF OMITTED] T1553.109

[GRAPHIC] [TIFF OMITTED] T1553.110

[GRAPHIC] [TIFF OMITTED] T1553.111

[GRAPHIC] [TIFF OMITTED] T1553.112

[GRAPHIC] [TIFF OMITTED] T1553.113

[GRAPHIC] [TIFF OMITTED] T1553.114

[GRAPHIC] [TIFF OMITTED] T1553.115

[GRAPHIC] [TIFF OMITTED] T1553.116

[GRAPHIC] [TIFF OMITTED] T1553.117

[GRAPHIC] [TIFF OMITTED] T1553.118

[GRAPHIC] [TIFF OMITTED] T1553.119

[GRAPHIC] [TIFF OMITTED] T1553.120

[GRAPHIC] [TIFF OMITTED] T1553.121

[GRAPHIC] [TIFF OMITTED] T1553.122

[GRAPHIC] [TIFF OMITTED] T1553.123

[GRAPHIC] [TIFF OMITTED] T1553.124

[GRAPHIC] [TIFF OMITTED] T1553.125

[GRAPHIC] [TIFF OMITTED] T1553.126

[GRAPHIC] [TIFF OMITTED] T1553.127

[GRAPHIC] [TIFF OMITTED] T1553.128

[GRAPHIC] [TIFF OMITTED] T1553.129

[GRAPHIC] [TIFF OMITTED] T1553.130

[GRAPHIC] [TIFF OMITTED] T1553.131

[GRAPHIC] [TIFF OMITTED] T1553.132

[GRAPHIC] [TIFF OMITTED] T1553.133

[GRAPHIC] [TIFF OMITTED] T1553.134

[GRAPHIC] [TIFF OMITTED] T1553.135

[GRAPHIC] [TIFF OMITTED] T1553.136

[GRAPHIC] [TIFF OMITTED] T1553.137

[GRAPHIC] [TIFF OMITTED] T1553.138

[GRAPHIC] [TIFF OMITTED] T1553.139

[GRAPHIC] [TIFF OMITTED] T1553.140

[GRAPHIC] [TIFF OMITTED] T1553.141

[GRAPHIC] [TIFF OMITTED] T1553.142

