Maximum Protection

homas Day can't bear the thought of it-what if the U.S. mail were hit with another attack using anthrax, or some other biological agent? And what if the Postal Service didn't do anything to prevent, or at least mitigate, the risks? Worse yet, what if agency officials knew there was technology available that could detect biohazards, but they did not purchase and deploy it?

It's a scenario that Day, vice president of engineering for the Postal Service, and other top agency officials have grappled with for the past couple of years. After the anthrax attacks of October 2001, Postal Service officials knew they were entering a new world order. No longer could their security concerns be focused solely on workplace violence and explosives hidden in large packages. Now, they had to worry about lethal microbes stuffed inside an everyday 3-by-5 mailing envelope. Something had to be done.

"Could you imagine the moral dilemma we would be in if, in a year or two, there's another attack and we didn't do a thing?" says Day.

Almost immediately, Postal Service officials began inquiring about technologies to safeguard the mail. For a couple of months, the agency experimented with irradiating all mail sent to Washington. But doing that on a national basis was deemed impractical and unnecessary. Only mail sent to Washington-area federal offices is irradiated now. Other options started to emerge, including new ventilation systems for mail-processing plants and equipment to detect biohazards.

In March, the Postal Service signed a $175 million contract with Northrop Grumman to install biohazard detection equipment in 283 mail processing centers. The technology is being tested at 15 facilities across the nation. If it proves successful, another 100 facilities will get the equipment in early 2004, with the remaining plants ready to go by spring or summer.

But getting to this point was no easy task. At first, Northrop Grumman was unwilling to sign a contract to provide the technology. Top company executives worried about being sued should a biohazard slip through the system. Injured parties would undoubtedly file massive class action claims against the agency and the company, arguing that the technology failed to adequately protect the public.

Northrop Grumman officials were prepared to walk away from the table-and the money-unless the Postal Service could guarantee some level of legal protection. After months of tough negotiations, the organizations reached a compromise last spring. The Postal Service agreed to pay the costs of liability insurance for Northrop Grumman, to the tune of $10 million to $15 million over seven years. The costs were absorbed into the contract.

The Postal Service's situation is not unique. Public and private sector organizations are desperate to deploy anti-terrorism products and services. But no one wants to assume the tremendous financial burden that could result from massive lawsuits should new technologies fail to function properly during a terrorist attack. "You just can't put the company at risk. That is the bottom line," says Steve Carrier, vice president of business development and strategic planning at Northrop Grumman. Carrier also heads the company's homeland security division. At the same time, few federal agencies could afford to absorb the costs of insuring contractors, as the Postal Service has done.

The specter of what could happen has caused some firms to delay coming to market with anti-terrorism technology. For example, insiders at Raytheon Corp. say the company has been researching technology to scan cargo for explosives, but is reluctant to even talk about potential uses for the scanners because of liability concerns. Carrier says his company has passed on large procurements, mainly at the state level, because of the liability issue.

All that could change. In fact, many industry and government officials breathed a sigh of relief in mid-July when the Homeland Security Department issued a proposed rule providing liability protection to both sellers and buyers of anti-terrorism technology. The rule stems from the law that created the department last year.

Companies now can apply to have their products and services deemed "qualified anti-terrorism technologies." Once classified as such by Homeland Security, the firms will be legally protected in the event that their technology fails before or during a terrorist attack-assuming the failure was not based on negligence.The protection extends to technologies used by federal, state and local governments, as well as the private sector. It essentially limits the amount of money injured parties could get from companies. The rule also prohibits lawsuits against buyers of anti-terror technology.

But vendors and buyers wonder exactly how the department will implement the rule. And it's still not clear how the department will evaluate technology or how the insurance industry will respond to provisions requiring manufacturers to get coverage for their products. Homeland Security officials are plowing through comments they have received on the proposal. An interim final regulation should be published in the fall. Officials expect the rule to evolve over time. Nonetheless, they are charging ahead with reviewing applications and implementing the regulation.

"This is a brand new program," says John Mitnick, an attorney in the department's office of science and technology. "We are constantly learning as we go."

LIMITING LIABILITY

Demand for anti-terrorism technology grew rapidly in the days after the Sept. 11 attacks. But as the Postal Service found in its quest for biohazard detection equipment, companies were hesitant to come forward. "The problem is, we were not protected," says Carrier. "It's not only a problem at [the federal level] but in the states, too. We are being asked to bid on things, and there is unlimited liability."

The demand for anti-terrorism technology was high, but companies found it extremely difficult to get insurance covering such products. Insurance companies were jittery for several reasons. First, the potential cost of terrorism-related payouts is enough to hamstring the industry. Indeed, estimated insurance payouts related to the Sept. 11 attacks are expected to reach $40.2 billion, according to P.J. Crowley, vice president of the Insurance Information Institute. Other estimates, including those from the General Accounting Office, put the total as high as $50 billion.

Fearing another attack, insurance firms got nervous about even higher payments, especially if their clients were subject to class action suits. "We don't have a good deal of history for terrorism as the trigger for losses or a lawsuit," Crowley says.

In addition, the companies that provide behind-the-scenes financial support for insurance firms-known as reinsurers-became skittish about terrorism-related policies. Reinsurers take on some of the financial risk of providing insurance in return for a share of premiums paid by companies. Nearly 50 percent of losses from Sept. 11 are being borne by the reinsurance industry, according to Crowley. Without access to capital from nervous reinsurers, primary insurers can ill afford to issue policies to technology manufacturers, property owners or others.

At the state level, insurance firms were seeking permission from agencies to waive coverage for damages resulting from terrorist attacks. In states where they were denied such waivers, terrorism insurance became prohibitively expensive.

Congress responded to the situation with two pieces of legislation. Last November, lawmakers passed the 2002 Terrorism Risk Insurance Act. The law mandates that insurance companies provide customers with the option of buying terrorism coverage for their property and casualty lines. Should losses from a terrorist act exceed a certain amount-a prescribed percentage of the insurer's total business-the federal government will help pick up the tab. The law expires in three years. It's intended to provide primary insurers with financial stability until reinsurers come back into the market.

The other action has a more direct effect on contractors and federal agencies. In the legislation creating the Homeland Security Department, also passed last November, lawmakers included the 2002 Support Anti-Terrorism by Fostering Effective Technology Act, more commonly referred to as the Safety Act. Its intention is to promote the development of anti-terrorism technology by shielding vendors from massive lawsuits. The law is the basis for the rules issued by the Homeland Security Department in July.

GETTING TO SAFETY

Even before the Safety Act was passed, several agencies, including NASA and the Defense and Health and Human Services departments, had the ability under Public Law 85-804 to indemnify contractors working in unusually hazardous situations in which commercial insurance is not available. NASA has extended such coverage to contractors working on the space shuttle program. Doing so means the government would pay any claims against the manufacturer. Industry pushed to make broader use of that protection after the attacks.

"As it turns out, the federal government was very hesitant to provide that coverage" after Sept. 11, says Raymond Biagini, a partner with the Washington law firm McKenna Long & Aldridge, who helped write portions of the Safety Act. "Government officials started seeing that they could be putting the Treasury on the hook for potential liabilities with extraordinary risks."

Lawmakers opted for capping liability under the Safety Act. Still, the president can extend indemnification authority under Public Law 85-804 to any agency through executive order. But the administration is loath to do so.

Indeed, the Postal Service ran into this very situation. The agency tried to get authority to indemnify Northrop Grumman. The Bush administration, however, had decided not to extend Public Law 85-804 to other agencies. Just the opposite, in fact. In February, President Bush issued an executive order directing agencies to pursue Safety Act coverage for their procurements as a first option. The order suggests that the administration will only extend indemnification in extreme cases, says Biagini.

Under the Safety Act, manufacturers can submit products, such as bomb detection equipment, smart cards or chemical weapons sensors, to the Homeland Security Department for approval as anti-terrorism technologies. The rule also applies to service companies, although department officials are still working on exactly what types of services would qualify. Companies applying for the seal of approval are required to get a basic level of insurance coverage. In the proposed rule, the department does not specify the amount or type of such insurance.

Department officials are working with the insurance industry to figure out what types of policies are available and how to determine the right price, says Mitnick. It's an important point, because a company's liability is capped at the level of insurance it receives. Additionally, the law prohibits suits for punitive damages in cases involving anti-terrorism technology and directs all cases involving such technology to federal court. State courts tend to be more favorable to plaintiffs in product liability suits.

Under the rule, companies can apply for two levels of protection. The most basic level, and likely to be the most widely approved, caps liability. The next level allows firms to seek outright dismissal of any charges brought against them by injured parties. This is akin to the "government contractor defense," established by the Supreme Court in 1988, which protects contractors from lawsuits as long as their products meet government design specifications. "Building in the government contractor defense was a must," Biagini says, especially since it extends to products sold to state and local governments, as well as private entities. "We wanted to make sure that contractors were protected in the commercial sector as well as the public."

The rule allows companies to apply for both designations simultaneously, and Biagini is advising his clients to do exactly that. Gaining the higher level of protection will require a more thorough review of product design and performance by Homeland Security, though.

TIMING IS EVERYTHING

How the Homeland Security Department will conduct these reviews is still an open question. Already, the department has tapped the Technical Support Working Group, an interagency organization run out of the Defense Department, to help process applications from firms. Industry and agency sources say the department will have to seek more technical expertise to actually conduct product reviews, especially for companies seeking the higher level of protection.

The Postal Service's Day says it is critical that Homeland Security gets good analyses on the front end. "Evaluating technology is going to be a big task. I have a huge stack of portfolios from companies promoting their products. But the scientific validity remains to be seen," he says. "Trying to figure out which technology holds the most promise is the tough part."

Another challenge, he adds, is balancing the desire of scientists and researchers to conduct test after test with the need to deploy the technology quickly. In the case of biohazard detection equipment, "We had to keep pushing people to get the test results," Day says. "Scientists are used to studying things for years. You need to find a middle ground. You can't rush into it, but you can't wait three to five years."

Homeland Security will have its hands full trying to educate other agencies on the ins and outs of the Safety Act. The new rules note that most often other federal agencies will be the purchasers of anti-terrorism technology. Companies might not be willing to bid on contracts from such agencies unless they have Safety Act coverage. Homeland Security officials plan to work closely with other agencies to ensure that procurements are not stymied. In fact, the department plans to host a series of workshops across the country starting this fall to educate agency officials on the new regulations, according to Homeland Security spokeswoman Michelle Petrovich.

"Contractors can now feel confident that they can protect America and not do so by risking the company's well-being," says Biagini.