HOME  |  CONTENTS  |  DISCUSSIONS  |  BLOG  |  QUICK-KITs|  STATES

Google

       Search WWW Search wifcon.com

To Contents

 Security v. Full and Open Competition
By Homer on Tuesday, December 10, 2002 - 03:57 pm:

Have a contracting issue which impacts security v. full and open competition.

Scenario: Assume a situation where a contract is being solicited for construction of a public facility: i.e., passenger terminal, transit station, or whatever- a facility with complex environmental systems (ventilation, heating, etc.). Assume this is a non-DOD project, where procedures for “classified” procurements have never been historically used by the procuring activity.

Question: In a post 9/11 environment, how are procuring activities addressing and handling the issue of providing access to sensitive data in a competitive procurement environment to all prospective competing sources with no real means of limiting access without adversely impacting the competition in the face of potential dangers given the data could land in the hand of terrorists? The specific concern are the specifications, drawings, and technical information about an entire system and location of key information on all of the intricacies and details of the system. Certainly, access can be limited subsequent to award through the contract terms with the successful awardee and to some degree in a negotiated procurement environment; but how does one limit access when the data is needed by the prospective sources in order to intelligently compete in a sealed bid environment?


By Anon on Tuesday, December 10, 2002 - 04:06 pm:

Could you use FAR 52.211-4, and when potential offerors show up to examine the specs have them execute a nondisclosure statement?


By formerfed on Tuesday, December 10, 2002 - 04:11 pm:

I noticed a couple procurements in FedBizOps where non-DOD agencies only made RFP materials available to firms with a Secret clearance. I checked witha friend at one agency and he admitted the contract is non-classified but the restriction is for the exact purpose you described.

I'm not certain that is a correct way to approach it or not, but it was the only thing that one agency could think of within the time constraints they had.


By Vern Edwards on Friday, December 13, 2002 - 11:02 am:

The issue is whether the requirement for a security clearance would be unduly restrictive.

There have been a few cases since the enactment of CICA in which a bidder has protested that a requirement that it have a security clearance by the time of award was unduly restrictive of competition. The GAO has denied all such protests.

I did not find any protest about a requirement that a bidder have a clearance in order to get access to documents it would need in order to prepare a proposal.

If an agency set such a requirement based on standard agency security practices, then I doubt that the GAO would sustain any protest in that regard. I also doubt that the GAO would object if such a requirement had a reasonable basis, even if the agency has no standard security practices in that regard.

If the agency does not have an established security program, one problem will be what program to use: DOD's, DOE's, CIA's? If I worked for an agency that did not have its own security program, then I would not impose a clearance requirement until I had all the information I needed in order to decide how to go about it properly.


By AL on Friday, December 13, 2002 - 12:10 pm:

One thing that strikes me about this discussion is, wouldn't the solicitation and plans be available to pretty much anyone who asks for them pursuant to FOIA? If they are not classified, on what grounds could you refuse to provide them to a FOIA requester? I recognize that there is a potential problem with having building plans available to persons with evil intent, but long ago Congress opted for openness (generally) of government records and information in spite of the potential for abuse and security risks involved. Maybe I'm missing something, but I think you could waste a lot of time and energy trying to close this specific window of risk, while there is a wide-open door a few steps away for anyone who wants to walk through it and is savvy enough to ask.


By Anonymous on Friday, December 13, 2002 - 12:25 pm:

AL

A FOIA request does not automatically release everything that is not classified. If the Government can show the documents should not be released, classified or not, then they are not released. If the GAO sustained the protection of the information, I don't see how a FOIA request would override.


By Vern Edwards on Friday, December 13, 2002 - 12:42 pm:

AL:

I agree with Anonymous of 12:25. FOIA does not allow requesters to get anything they want. Check the Department of Justice's on-line FOIA guide and you'll see that it mentions the government's need to protect information related to homeland security after 9/11.

I believe that the GAO will support an agency's decision to require special clearance to gain access to proposal-related information of the kind mentioned by Homer if the agency uses a rational procedure make its decision. I also believe that the agency would be able to withhold such information sought pursuant to a FOIA request.


By AL on Friday, December 13, 2002 - 01:41 pm:

Vern and Anonymous:

I am fairly familiar with FOIA and its exemptions. I realize that not everything that is unclassified is automatically releasable. I am also not surprised that the Justice Department might be taking the position that an agency can refuse to disclose any information the release of which it believes would be a potential security risk. DOJ (and the government generally) historically likes to cite national security as a reason to do all sorts of things, not all of which are proper (or improper). DOJ can say what it wants, but the law is still the law.

I also know that FOIA has a limited number of exemptions, and I am generally familiar with their basics. I do not see how an unclassified solicitation and/or building plans would fit into any of the exemptions. It isn't classified, it isn't personal privacy information, it isn't internal agency rules, it isn't financial institution information, it isn't geologic survey information, it isn't trade secrets/confidential commercial information, it isn't law enforcement information (except maybe in special cases such as plans for prisons, police buildings & such). I may be missing another obscure exemption or two, but those are the major ones, and I just don't see how they fit. Law enforcement would probably be closest, but my recollection is that the law enforcement exemption is fairly narrow, and probably wouldn't fit, at least not for a solictation or building plan that is not part of a law enforcment project.

I also think that GAO may agree with a restriction to limiting bidding to companies with security clearances, but so what? One need not be a bidder to submit a FOIA request for records.

I'm not trying to be unnecessarily argumentative, and I think Homer (and others) has a point. I just think that if agencies are serious about protecting such information, they need to at least consider going through the pain of having it classified, or they may wind up being required to release the information after all.


By Anonymous on Friday, December 13, 2002 - 02:30 pm:

AL,

I hate to open another can of worms but with your comment "... if agencies are serious about protecting such information, they need to at least consider going through the pain of having it classified.....", it needs to be said. It takes a lot to classify information. If the agencies classified everything that requires some level of protection, the Government would not be very competative when it comes to outsourcing.

Let's look at it this way, where an airport communications hub is located may not in of itself be classified, but is it something that should be posted on the Internet in a construction solicitation?

It doesn't make business sense for the Government to make some things that should have a bit of protection classified. If competative outsourcing is going to hold us to the "fire", we should be able to make decisions based on what makes the best "business sense" and have the courts and GAO support.


By Vern Edwards on Friday, December 13, 2002 - 02:41 pm:

AL:

Maybe I'm confused. According to DOJ, the only "classified" info exempted from disclosure under FOIA is info covered by Exemption 1, which is info pertaining to the national defense and foreign relations that has been classified under E.O. 12958 or Atomic Energy Act. Am I right about that? Is DOJ right? E.O. 12958 Sec. 1.5 identifies the kinds of info that may be classified.

Now suppose that I send a FOIA request to the Bureau of Prisons asking for the construction details of a federal prison, including all systems: mechanical, electrical, structural, IT, etc. As I read E.O. 12958 Sec. 1.5, that info is not classifiable. Am I reading the E.O. right? Does the BPO have to give me that info? Is that info covered under another FOIA exemption?

I don't know the answer and I'm not trying to be sarcastic. Your position seems to be that the kind of info I'm asking about, which I think is the kind that Homer was asking about, is readily available to anyone through FOIA. Is it?

Does anybody out there know?


By AL on Friday, December 13, 2002 - 02:53 pm:

Annonymous--I really don't disagree with what you say. I realize it is difficult to have information classified--and it should be difficult. We're supposed to be an "open society." I don't know if any of us really knows what that means, or agrees on what it means, but I think one aspect of it is that it is supposed to be difficult to make information classified and unavailable.

That doesn't mean I think all building plans should be posted on the internet, either. The primary point I have tried to make is that, under FOIA, there is a lot of more-or-less sensitive information that is at least potentially available to anyone with a stamp and the smarts to know how and who to ask for it. As for what the courts will support in a FOIA dispute, I don't think any of us have all the answers there. There have been FOIA decisions that have surprised me, both ways.

Perhaps what we need is one or more additional FOIA exemptions, or other tweaking of the law, to protect such information, but I have neither the time nor the interest to really explore that.

I must admit, I'm not sure how competitive outsourcing plays into this, but I don't think it matters.


By AL on Friday, December 13, 2002 - 03:00 pm:

Vern--Your example is, I think, most of what I am getting at, and related to what Homer asked in the first place. I agree that the plans for a prison are most likely not classifiable. That may go as well for the type of contract solicitations that Homer was talking about in the first place. Arguably, the plans for a prison might fall under the law enforement exception to FOIA, but I'm not sure. Otherwise, I don't know which exception could apply.

Please don't take too strongly my "position." I don't think I know the answers to any of these questions. But I'm pretty sure they are questions that people should be thinking about.


By formerfed on Friday, December 13, 2002 - 03:21 pm:

Vern and AL,

First of all, I think Vern is right about Exemption 1 and classified documents. In the BPO case, the information msut be released if Exemption 1 is the only one applied.

However faced with Homer's situation, I would made a case using a combination of Ememption 3 (in conjunction with the Homeland Security Act)and 7(f) - physical safety to protect a wide range of individuals. I would argue the law enforcement exception applies since terrorists are a known threat to our security. By avoiding the release of sensitive design materials relating to the construction of an ideal terrorist target, this is a proactive measure of law enforcement.

Now this logic could be found wrong in court (and maybe is a little far reaching), but I would rather know that a year later after all the FOIA proceedings took place and the contract is long awarded.


By Vern Edwards on Friday, December 13, 2002 - 03:22 pm:

AL:

Yeah, I don't know either, and I agree that these are things that must be thought through before any action is taken.

Vern


By Vern Edwards on Friday, December 13, 2002 - 03:47 pm:

formerfed:

You may be right about the law enforcement exemption applying to my BOP case, but what if the request is for info about the IT network of an office of the Bureau of Land Management or of the Agricultural Research Service?

We must be missing something, some law or other basis for nondisclosure.

Vern


By AL on Friday, December 13, 2002 - 04:16 pm:

FormerFed--Not a bad argument, but ...

Exemption (sorry I called them exceptions before, exemption is the correct term) 3 is for information some other law says is not to be released. I certainly don't know all the other laws that are included in that, but it has historically been interpreted fairly narrowly. In other words, the other law that prevents the disclosure of information has to be pretty clear and specific about it. You can't just make a general argument that withholding the information would be consistent with homeland security and therefore with the Homeland Security Act.

The problem I see with exemption 7(f) is that it only applies, by its terms, to "records or information compiled for law enforcement purposes." Most solicitations, specifications, SOW's, etc., are not compiled for law enforcement purposes. I think that's probably the closest exemption, though.


By Homer on Wednesday, December 18, 2002 - 10:51 am:

Sounds like I opened something of a can of worms. But I appreciate the comments.

ABOUT  l CONTACT