In today’s world, there is a tendency to believe that everything must be preserved forever. The common belief is that documents, emails, text messages, etc. cannot be deleted because doing so may be viewed as spoliation (i.e., intentionally destroying relevant evidence). A party guilty of spoliation can be sanctioned, which can include an adverse inference that the lost information would have helped the other side. But that does not mean that contractors have to preserve every conceivable piece of information or data under all circumstances. There are key differences between routine document destruction (when done before receiving notice of potential claims or litigation) and spoliation.

The Federal Circuit’s recent decision in Boeing Co. v. Secretary of Air Force, 983 F.3d 1321 (Fed. Cir. 2020), provides some useful clarity on the contents of the restrictive markings and legends that contractors affix to the technical data they deliver to the Government.

The case arose from two Air Force contracts for engineering and manufacturing development of radar systems needed for the F-15 Eagle. The contracts required Boeing to deliver technical data to the Air Force with “unlimited rights.” While Boeing retained ownership of the data, the unlimited rights license allowed the Air Force to “use, modify, reproduce, perform, display, release, or disclose [t]he technical data in whole or in part, in any manner, and for any purpose whatsoever, and to have or authorize others to do so.” 983 F.3d at 1325 (citing DFARS 252.227-7013(a)(16)).

The Biden Administration is imminently expected to release an executive order that will require government contractors to notify the government in the event of a cybersecurity breach. Despite the relatively steady rise in cyberattacks and breaches over the years, and the enactment of consumer data breach disclosure laws in all 50 states, there is currently no standardized reporting requirement for government contractors. However, the Biden administration has promised executive action on the issue, largely in response to a cyberattack by a suspected nation-state against multiple software companies, including the SolarWinds software company.

Government Seal

The Department of Defense (“DoD”) requested industry comments by April 28, 2021 to assist with the DoD’s forthcoming report identifying risks and policy recommendations regarding the supply chain for strategic and critical materials.  The Apr. 13, 2021 Federal Register notice notes “the need for resilient, diverse, and secure supply chains to ensure U.S. economic prosperity

Last week the Army awarded Microsoft the Integrated Visual Augmentation System (IVAS) contract, a potentially $21 billion undertaking by the Army to develop next-generation night vision and “situational awareness capabilities” in a Heads Up Display. Unlike Microsoft’s last multi-billion dollar contract award, the Joint Enterprise Defense Infrastructure (JEDI), which is still pending before the Court of Federal Claims more than a year after Amazon filed its bid protest challenging the award in November 2019, IVAS is unlikely to experience the same fate. Why? Because IVAS was awarded under the Army’s Other Transaction authority (OTA) and is not subject to the same FAR rules as the JEDI contract.

Construction Crane - sunset -126871767

It’s coming. From all outward signs, it appears that the Biden Administration may be planning to use the “American Jobs Plan” – otherwise known as the proposed infrastructure plan – to expand the Davis Bacon Act (“DBA”) and require the use of prevailing wages on all projects funded by any infrastructure bill ultimately passed by Congress.

The Davis Bacon Act (40 U.S.C. §§ 3141-3148), requires employers performing construction work under contract with the federal or District of Columbia government valued at more than $2,000 to pay their laborers and mechanics a prevailing wage and fringe benefits, at levels set on a regional or local level by the U.S. Department of Labor. Noncompliance with the DBA can potentially lead to severe penalties, including suspension, debarment, and even False Claims Act civil and/or criminal liability.

It has been two months since President Biden issued his Buy American Executive Order on January 25, 2021. But it would seem we still have more questions than answers: What specific actions will agencies take to promote the Order’s policy? What will the Made in America Office look like? Where can I find more information about proposed waivers? While the answers to these questions are probably still months away, it is important for contractors to understand the possible implications now and plan accordingly.

The automatic stay of award is one of the key elements of a bid protest under the Competition in Contracting Act. The CICA stay is only available when a protest is filed no later than ten days after contract award or no later than five days after a debriefing. In the 2018 NDAA (Section 818), Congress introduced the enhanced debriefing process for DoD procurements. It allows disappointed offerors to submit follow-up questions within two business days after a debriefing. It also extends the protest deadline until those questions are answered. But what if the contractor does not have any additional questions? Does the two-day period to submit questions extend the protest deadline for purposes of the CICA stay?

The Federal Circuit answered this question in NIKA Technologies, Inc. v. United States, Case No. 2020-1924 (Feb. 4, 2021). If a contractor does not submit follow-up questions after a debriefing, it does not get the benefit of the two-day question period for purposes of the CICA stay.

Have you received a Section 889 letter yet? If not, you may soon. The letters ask whether you provide or use “covered telecommunications equipment or services.” They are part of the implementation of Section 889 of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (the 2019 NDAA), which has two phases. The first phase started in August 2019 but has a limited scope. The second phase—which started in August 2020—is much broader and raises a lot more questions. This article answers some of those questions and provides some tips on how to comply.

Keep in mind that Section 889 is still being implemented. Much of this analysis is based on interim rulemakings at 85 F.R. 42665 and 85 F.R. 53126. Final rules may change based on public comments.

On December 4, 2020 the President signed into law the IoT Cybersecurity Improvement Act of 2020, Pub. L. No. 116-207 (the “IoT Act”). The legislative purpose behind the new law is to ensure the highest level of cybersecurity at federal agencies by working collaboratively within government, industry and academia. Pub. L. No. 116-207 § 2.

The IoT Act mandates specific actions by the National Institute of Standards and Technology (NIST), the Office of Management and Budget (OMB) and the Department of Homeland Security (DHS) regarding: (i) standards and guidelines for IoT devices, (ii) determining whether federal agencies adhere to those standards, (iii)implementing guidelines to disclose security vulnerabilities to contractors and report the resolution of those vulnerabilities.