On August 5, 2021, the U.S. Court of Appeals for the Second Circuit ruled that a French banker may seek dismissal of an indictment  without having to physically appear in the United States.  The decision limits the application of the “fugitive disentitlement” doctrine – which has long prevented foreign nationals from challenging criminal prosecutions without appearing in the United States to do so.

Continue Reading The Second Circuit Court of Appeals Finds That French Banker Need Not Travel to the United States to Seek Dismissal of Her Indictment

In Securities & Exchange Comm’n v. Fowler, No. 20-1081, 2021 WL 3083655 (2d Cir. July 22, 2021), the United States Court of Appeals for the Second Circuit upheld a lower court judgment awarding the Securities and Exchange Commission (“SEC”) civil penalties, disgorgement, and injunctive relief in a securities fraud action against a broker engaged in unsuitable and unauthorized high-frequency trading.  The district court entered its judgment following a jury trial finding the defendant guilty of violations of Section 10(b) of the Securities Exchange Act of 1934, Rule 10b-5 promulgated thereunder, and Sections 17(a)(1), 17(a)(2), and 17(a)(3) of the Securities Act of 1933.  On appeal, defendant asserted that the action was subject to a five-year statute of limitations imposed by 28 U.S.C. § 2462 despite the parties having entered into tolling agreements.  Defendant also argued that the civil penalties assessed against him were excessive, and the disgorgement award failed to properly account for legitimate business expenses as required by Liu v. Securities & Exchange Comm’n, 140 S. Ct. 1936 (2020).  After reviewing its text and legislative history, the Second Circuit concluded in this matter of first impression that § 2462 is non-jurisdictional and, therefore, the district court had the power to hear the case in light of the parties’ tolling agreements.  The decision is important because it reaffirms the enforceability of tolling agreements between the SEC and its investigative quarries.  The court also rejected defendant’s arguments alleging improper civil penalty and disgorgement calculations.

Continue Reading Second Circuit Upholds Enforceability of SEC Tolling Agreements

The FedRAMP Program Management Office is seeking comments on its draft FedRAMP Authorization Boundary Guidance, Version 2.0, released on July 13, 2021. The public comment period currently is open and closes on September 13, 2021.

Continue Reading Watch Your Boundaries – FedRAMP Releases Draft Authorization Boundary Guidance for Public Comment

Many small businesses learn the hard way that a “bid protest” and a “size protest” differ in much more than name only. Whereas generally a “bid protest” challenges agency action taken in connection with a procurement and can be timely brought at the Government Accountability Office (“GAO”) or in the U.S. Court of Federal Claims (“COFC”) after award, a “size protest” challenges an offeror’s eligibility as “small” for a small business set-aside and must be filed with the U.S. Small Business Administration (“SBA”) within 5 days of contract award; otherwise, a disappointed offeror will forfeit its right to challenge the awardee’s size. While this consequential distinction may seem clear in a vacuum, a recent decision by the U.S. Court of Appeals for the Federal Circuit (“Federal Circuit”) demonstrates that distinguishing between a “bid protest” and a “size protest” may not always be so easy. Instead, the Federal Circuit’s decision leaves open the possibility that even when a timely size protest was not filed with the SBA, a disappointed offeror still may be able to challenge the contracting officer’s failure to refer an awardee of a small business set-aside to the SBA for a size status determination by filing a bid protest at the COFC.


Continue Reading “What’s In A Name?”: Federal Circuit Holds Claims Court Blurred Distinction Between ‘Size Protests’ And ‘Bid Protests’ In Dismissal For Failure To Exhaust Administrative Remedies

As called for in the May 12, 2021 Cybersecurity Executive Order (“EO”) released by the Biden Administration (discussed here), NIST met its deadline to release a definition of “critical software” within 45 days of the date of the Order.  The determination of what constitutes “critical software” is a key step in the process set forth in the Order for securing the software supply chain, which will culminate sometime next year in new Federal Acquisition Regulations for contractors that supply software.

Continue Reading Right on Time – NIST Releases Definition of “Critical Software” Per Biden’s Cybersecurity Executive Order

Ignore our prior prediction—the U.S. Court of Federal Claims definitely is NOT remanding the protest by Medline Industries, Inc. (“Medline Protest’) to the agencies for corrective action.  In a surprisingly scathing opinion issued June 22, 2021 by Judge David A. Tapp, the court made one thing very clear—the Department of Veterans Affairs’ (“VA”) transfer of its Medical Surgical Prime Vendor (“MSPV 2.0”) requirements to the Defense Logistics Agency (“DLA”) is dead on arrival.  After issuing a brief order on June 17 denying remand to the agencies for corrective action, the court detailed its reasoning in an opinion issued in a parallel protest filed by Owens & Minor Distribution, Inc. challenging (slightly) different aspects of the shifting MSPV 2.0 procurement (“O&M Protest”).  The government had moved for remand in both protests, and because the Medline Protest and O&M Protest involved the same parties and many common operative facts, the court issued a single opinion denying remand in both—and telegraphing that the outlook for the government in both cases is grim.  Piling on, the court took a few shots at the government for its litigation conduct and (more generally) its lack of acquisition planning.

Continue Reading Duck Hunt – The VA Cannot Escape The Medline Protest, And Takes A Few Shots In The Process

In February 2021, President Biden issued Executive Order 14017, “Executive Order on America’s Supply Chains” (discussed here), requiring (among other things) a report within 100-days requiring key government agencies to assess vulnerabilities and consider potential improvements to supply chains in four critical industries – (i) semiconductor manufacturing; (ii) high capacity batteries; (iii) rare earth elements; and (iv) pharmaceuticals.

Continue Reading At a Glance: White House 100-Day Supply Chain Report

In Van Buren v. United States, No. 19-783 (U.S. June 3, 2021), the United States Supreme Court issued an opinion drastically limiting the application of the Computer Fraud and Abuse Act (CFAA) (18 U.S.C. § 1030 et seq.), holding that the “exceeds authorized access” clause of the Act applies only to those who obtain information from particular areas in the computer—such as files, folders, or databases—to which the individual is not authorized to access under any circumstances. However, the Supreme Court excluded application of the clause to individuals who misuse their access to obtain information otherwise available to them for an unauthorized purpose.
Continue Reading Supreme Court Resolves Circuit Split Over CFAA

The U.S. Department of Veterans Affairs (“VA”) Medical Surgical Prime Vendor (“MSPV”) 2.0 Program (discussed previously here and here) has yet to make it off the ground, but in March 2021 the VA announced plans to eliminate the program by September 2023 and instead purchase from the Defense Logistics Agency’s (“DLA”) separate MSPV catalog. The VA and DLA MSPV programs are how the VA and DLA (separately) purchase most of their medical, surgical, and laboratory equipment for care centers across the country (and abroad, in the case of DLA). The VA and DLA have been exploring the possibility of consolidation since at least January 2019, but many vendors relied on the VA’s representations that it would not make any decisions on potential consolidation until at least 2025. So when the VA informed stakeholders of its new September 2023 target, Medline Industries, Inc. (“Medline”), one of the prime vendor awardees under the VA’s MSPV 2.0 Program, responded by filing a bid protest at the U.S. Court of Federal Claims. On May 28, 2021, the VA and DLA decided to take corrective action, asking the Court for six months to re-evaluate the issues raised by the protest. It seems that the government did not have all of its ducks in a row prior to announcing the targeted transition.
Continue Reading Ducks (Not) in a Row – VA Agrees to Take Corrective Action in Transitioning MSPV 2.0 Requirements to DLA

The National Institute of Standards and Technology (“NIST”) is seeking comments on its draft NIST SP 800-161 Rev. 1, “Cyber Supply Chain Risk Management Practices for Systems and Organizations,” published on April 29, 2021. The public comment period currently is open and concludes on June 14, 2021. NIST anticipates releasing a second draft in September 2021, with a final version anticipated to be released by April 2022.
Continue Reading Seeking HoNIST Opinions – NIST Invites Comments on Major Revision to Cyber Supply Chain Risk Management Practices for Systems and Organizations (SP 800-161) and Provides Further Software Supply Chain Guidance