Legal Report December 2012
This overview looks at some of the major security-related legislation considered by the 112th Congress, including proposals that did not pass, such as those pertaining to cybersecurity. If any bills were passed by Congress after the November general election, that activity is not included here, because it occurred after Security Management went to press. (See the November digital issue for more information on new laws addressing hiring, border security, aviation security, and trespassing.)
The bills that have not been signed into law by the end of 2012 will die and must be reintroduced in the next legislative session if they are to be considered. The 113th Congress convenes in early January.
COUNTERFEIT DRUGS. A new law (P.L. 112-186) will enhance penalties for drug counterfeiting. The bill will make it illegal to knowingly steal or embezzle a medical product or obtain it through fraud or deception. It will also be illegal to transport, handle, traffic, or store a stolen medical product. The law defines a medical product as a drug, biological product, device, medical food, or infant formula that is being transported or stored prior to being available for purchase.
Those who violate the law will face up to three years in prison for medical products valued at less than $3,000 and up to 20 years for products valued at more than $3,000. Civil actions may be brought against violators for $1 million or three times the value of the product, depending on which is greater.
CYBERSECURITY. President Barack Obama publicly urged Congress to pass S. 2105, the Cybersecurity Act of 2012. The act would have required that companies designated as critical infrastructure, such as utilities and financial institutions, comply with cybersecurity standards established by the government. The bill would also have given the Department of Homeland Security (DHS) the power to inspect private facilities designated as critical infrastructure to ensure that cybersecurity standards were being met.
However, S. 2105 faced overwhelming opposition in the Senate, leading the bill’s sponsor, Sen. Joe Lieberman (I-CT) to revise the measure. The new bill (S. 3414) offered incentives for companies to comply with the standards, such as liability protection relating to cybersecurity breaches, but contained no requirements for businesses.
In a statement announcing the revised bill, Lieberman stated: “This compromise bill creates a public-private partnership to set cybersecurity standards for critical American infrastructure, and offers the reward of some immunity from liability to those who meet those standards. In other words, we are going to try carrots instead of sticks as we begin to improve our cyberdefenses. This compromise bill will depend on incentives rather than mandatory regulations to strengthen America’s cybersecurity. If that doesn’t work, a future Congress will undoubtedly come back and adopt a more coercive system.”
However, S. 3414 also failed to come to a vote. At press time, the White House announced that it was near completion on an executive order that mirrors the original Senate bill. The advance information on the executive order speculated that it would also require agencies to propose new cybersecurity regulations and would create a new cybersecurity council at DHS.
CHEMICAL FACILITY SECURITY. A bill (S. 473) that would have extended the government’s Chemical Facility Antiterrorism Standards (CFATS) program through October 2014 was approved by the Senate Committee on Homeland Security and Governmental Affairs but was never considered by the full Senate.
Under CFATS, chemical facilities must work with DHS to develop a security program based on their facility’s risk level. Because Congress failed to pass legislation extending the program, it will expire at the end of this year.
In addition to renewing the requirements already set out by CFATS, S. 473 would have established a chemical security training program. The program, which would have been administered by the Federal Emergency Management Agency (FEMA), would have been voluntary and was designed to help chemical facilities prepare for and respond to emergencies such as terrorism, natural disasters, and man-made disasters. The program would also have extended training to individuals and organizations located near chemical facilities.
To augment the training program, the bill included a voluntary program allowing chemical facilities to conduct security exercises to test plans and procedures. The exercises, which would have been spearheaded by FEMA, would have involved chemical facilities as well as federal, state, and local governments. Live exercises would have been tailored to individual facilities and would have been conducted for the highest risk locations.
The bill stipulated that a facility’s security program would not be rejected by DHS because the facility chose not to participate in the voluntary training and exercise programs. Similarly, a plan would not have been rejected due to the presence or absence of a particular security measure.
WHISTLEBLOWERS. After the Securities and Exchange Commission (SEC) issued a final rule on the whistleblower program created under the Dodd-Frank Act, several whistleblower bills were introduced in Congress.
The Dodd Frank Act provides informants with a percentage of monetary sanctions of more than $1 million obtained from their information. The new rule sets out how the program will be administered. The rule stresses the value of internal compliance programs, and encourages whistleblowers to report concerns to their companies before turning to the SEC; those who do that will be entitled to a larger percentage of the monetary sanction. Those who interfere with an internal program will see a decreased award. An employee who makes an internal report up to 120 days before making a report to the SEC will get credit for any information reported directly by the company to the SEC. The rule notes that these actions are designed to encourage companies to strengthen their internal programs because whistleblowers are now more likely to use them.
The rule also sets out the criteria that govern when a whistleblower will get an award. The information must be original, given voluntarily, and result in successful enforcement.
Under the rule, companies are prohibited from retaliating against an employee who reports possible violations. Employees may pursue retaliation claims in federal court.
Rep. Michael Grimm (R-NY) proposed legislation (H.R. 2483) that would have made it mandatory for employees to first report violations to their employers in order to receive monetary awards. The legislation would have required that the SEC notify companies of whistleblower reports and allow the companies 30 days to conduct their own internal investigation before proceeding with a government analysis. The measure was approved by the House Financial Services Committee’s Subcommittee on Capital Markets and Government Sponsored Enterprises, but was not taken up by the full committee.
Another bill (S. 241) that would have expanded protections for whistleblowers reporting misuse of federal funds was approved by the Senate Homeland Security and Governmental Affairs Committee but was never taken up by the full Senate. The bill would have applied to employees working for companies that receive federal funds, including those companies that have government contracts or receive grants or payments from the federal government.
S. 241 would have protected those employees who were discharged, demoted, or discriminated against because they reported or participated in reporting a misuse of federal funds. Whistleblowers could have reported gross mismanagement of a contract or grant, waste, activity that is a danger to public health or safety, an abuse of authority, or a violation of laws, rules, or regulations. The bill would have provided whistleblowers with compensatory damages and reinstatement if deemed appropriate by the Inspector General.
Two additional bills, which were introduced in Congress but never acted upon, would have extended protection to whistleblowers who exposed mismanagement, fraud, or abuse in the private sector.
H.R. 6406 would have given whistleblower protections to private sector contractors and subcontractors who alert regulators to the mismanagement of federal grants, contracts, or other payments. The whistleblowers would have been protected from retaliation if they had good-faith evidence of gross mismanagement or waste, violations of rules or regulations, or threats to public safety related to federal funds.
H.R. 6409 would have protected employees of contractors, subcontractors, or members of professional membership organizations who reported misconduct. The bill would have protected an employee who reasonably believed that his or her employer had violated or intended to violate a relevant law, was posing a potential danger to the public, or had committed fraud. Employees also could have reported fraud relating to compliance with laws or with standards established by a professional standard-setting organization.
GOVERNMENT FACILITIES. A bill (S. 772) designed to strengthen security at federally owned buildings was approved by the Senate Homeland Security and the Governmental Affairs Committee. However, the bill was not taken up by the full Senate.
The bill sought to improve security at buildings operated by the Federal Protective Service (FPS). The FPS—which employs approximately 15,000 contract security guards to protect the facilities, staff, and guests—ran into budgetary trouble when it was folded into DHS in 2003, said Sen. Joseph Lieberman (I-CT) when he introduced the bill. The deficiencies, said Lieberman, led to understaffing and poor training for security guards.
S. 772 would have authorized and funded 146 additional security and support personnel. Guards would have undergone additional training and risk assessments of facilities would have helped to focus resources. Both overt and covert training would have been conducted to ensure that guards were performing to expectations.
The measure would have required that DHS establish standards for the explosives detection technology used at building checkpoints. FPS would have been required to report back to Congress on methods for preventing and detecting explosives in federal facilities. Reports would have been required on the retention rates of contract guards and the feasibility of federalizing contract guards.
ECONOMIC ESPIONAGE. A bill (H.R. 6029) that would have increased penalties for economic espionage was approved by the House of Representatives but was never taken up in the Senate.
The bill would have required that the U.S. Sentencing Commission consider a tiered system to address different types of espionage. The sentencing commission would have determined whether to apply the tiered system to cases where a person steals a trade secret and transmits or attempts to transmit the trade secret outside of the United States. Under this system, a further sentencing enhancement would have applied to those who succeeded in providing secrets to a foreign government.
COURTHOUSE SECURITY. A bill (H.R. 6185) that would have upgraded security equipment in state and local courthouses was approved by the House of Representatives but did not come to a vote in the Senate.
The bill would have allowed state and local governments to use various federal grant programs to improve security at courthouses. The bill would have directed the government to ensure that state and local jurisdictions could request any extra security equipment purchased by the government before that equipment was given to other organizations. Such equipment would have included metal detectors, wands, and baggage screening devices. The bill would have stipulated that priority would be given to courthouses that had no security equipment.
TRANSPORTATION. A bill (H.R. 3173) that would have altered the application and distribution process for the Transportation Worker Identification Credential (TWIC) was approved by the House of Representatives but was not voted on by the Senate Commerce, Science, and Transportation Committee.
Currently, transportation workers must make at least two trips to a TWIC enrollment center every five years to apply for and then pick up and activate their cards. Sometimes workers travel hundreds of miles to the nearest enrollment center.
Under H.R. 3173, DHS would have been required to revise the application process to require that transportation workers make only one trip to an enrollment center to obtain their cards.
INTELLECTUAL PROPERTY. A bill (S. 968) introduced by Sen. Patrick Leahy (DVT), which would have allowed the attorney general to take action against Internet sites that infringe on intellectual property rights, was approved by the Senate Judiciary Committee but never reached a vote in the full Senate.
The measure would have permitted the attorney general to pursue certain actions against what the bill defined as Internet sites dedicated to infringing activities. Such sites are those that have no significant use other than engaging in copyright infringement and selling or promoting copyrighted works. The government would have been allowed to take legal action against the registrant of the domain name or the owner or operator as indicated through the domain name registration. Courts could have issued temporary restraining orders or injunctions against such sites.
S. 968—along with H.R. 3261, the Stop Online Piracy Act—failed to progress in Congress after online sites such as Wikipedia staged protests by shutting down their sites for a day.
This column should not be construed as legal or legislative advice.