Government Contracts Legal Round-Up | 2023 Issue 5
Government Contracts Legal Round-Up | 2023 Issue 7

Government Contracts Legal Round-Up | 2023 Issue 6

Welcome to Jenner & Block’s Government Contracts Legal Round‑Up, a biweekly update on important government contracts developments. This update offers brief summaries of key developments for government contracts legal, compliance, contracting, and business executives. Please contact any of the professionals at the bottom of the update for further information on any of these topics.

Legislative Update

Defense Federal Acquisition Regulation Supplement: Use of Supplier Performance Risk System (SPRS) Assessments (DFARS Case 2019–D009)

DoD issued a final rule amending the DFARS to update the policy and procedures for use of the SPRS and to require contracting officers to consider SPRS risk assessments, if available, in both the evaluation of quotations or offers and when determining contractor responsibility.

  • The final rule creates a new solicitation provision, DFARS 252.204-7024, Notice on the Use of the Supplier Performance Risk System.
  • Contracting officers will be required to consider item risk, price risk, and supplier risk in evaluating quotations or offers in response to solicitations for supplies and services (including FAR part 12 acquisitions of commercial products or services). The rule gives discretion to the contracting officer in considering the information available within SPRS.
  • Contractors are already required to conduct basic assessments of compliance with NIST SP 800-171 controls and submit scores to SPRS under DFARS 252.204-7020.
  • Contractors can access their own risk assessments in SPRS and challenge a rating generated by SPRS.

FOIA Update

Gandhi v. CMS, No. 21-CV-2628, 2023 WL 2707879 (D.D.C. March 30, 2023)

  • DC District Court Judge Cooper held that CMS failed to meet its burden to establish that Employer Identification Numbers (EINs) of health care organizations and their parent companies qualify as confidential records that may be properly withheld in response to a FOIA request.
  • University professors conducting research on whether CMS collects accurate data on the structure of health care providers submitted a FOIA request seeking unredacted EINs and parent company tax identifying numbers (TINs). The request implicated records for over 1.6 million health care providers, ranging from large corporate hospitals to small clinics and physician groups. The request did not seek social security numbers or data pertaining to individual health care providers or sole proprietors.
  • CMS asserted that it was prohibited from releasing the EINs or parent TINs under FOIA Exemption 4, which shields confidential commercial or financial information from disclosure, and Exemption 6, which protects personnel records, the disclosure of which would constitute a clearly unwarranted invasion of personal privacy.
  • Judge Cooper held that CMS failed to meet its burden under Exemption 4 to establish that at least some of the providers actually consider EINs and parent TINs to be confidential. While CMS appeared to perceive an obligation to keep that information confidential, CMS did not establish any firm obligation or assurance of confidentiality, and the plaintiffs provided evidence that at least some businesses do not treat the data as confidential (for example, through public SEC filings).
  • CMS also failed to present “competent evidence of a risk of corporate identity theft, or any other harm for that matter, stemming from the release…” of this information.
  • Judge Cooper further rejected CMS’s reliance on Exemption 6, because the request did not seek personnel information, and the government did not meaningfully defend its position once challenged.

Beyond the immediate release of EINs and TINs, Judge Cooper’s opinion is a reminder that federal agencies (and the companies that submit confidential information to those agencies) cannot hope to withhold information under FOIA based on vague, unsubstantiated assertions of confidentiality or privacy concerns. The FOIA Exemptions have elements, and those elements require careful briefing and meaningful evidence.

Protest Cases

Sierra7, Inc.; V3Gate, LLC, B-421109 et al. (January 4, 2023) (Published March 28, 2023)

  • GAO denied a protest alleging that the Department of Veterans Affairs failed to assess whether the awardee’s proposal was consistent with Section 889 prohibitions relating to acquiring certain telecommunications equipment made by companies affiliated with the Chinese government.
  • Under the solicitation for various types of personal computers, each offeror had to propose to quote devices from a single original equipment manufacturer (OEM). One offeror, AATD, quoted products from OEM Lenovo.
  • One protester alleged that the Lenovo computer products were inconsistent with the prohibition under FAR 52.204-25, which implements Section 889 of the Fiscal Year 2019 National Defense Authorization Act and prohibits the government from acquiring certain covered telecommunications equipment or services produced by Chinese government-affiliated or owned entities identified by DoD. The protester argued that the VA was required to analyze whether award to AATD complied with FAR 52.204-25, including by investigating the truthfulness of the offeror’s representation that its quoted products were not prohibited telecommunications equipment.
  • GAO denied the protest. Citing precedent that an agency is permitted to reasonably rely on a vendor’s self-representation of compliance with regulatory requirements, GAO found that there were no “concrete indications” that the offeror was providing prohibited telecommunications equipment or that Lenovo was subject to any exclusion listing.
  • GAO also rejected the assertion that the VA was obligated to conduct any investigation, stating that there was no evidence that the contracting officer was aware of several government public reports warning of cyberespionage risks associated with Lenovo products.

GAO’s decision did not entirely foreclose evaluation challenges invoking compliance with Section 889 requirements; however, protesters may have a more compelling argument where they can identify facial evidence that the awardee’s proposal was non-compliant as opposed to invoking extra-record information of which the agency should have been aware. Aside from issues in contract formation, Section 889 compliance continues to be an important risk area for government contractors.

Compel JV, LLC, B-421328 (March 8, 2023) (Published March 16, 2023)

  • GAO denied a protest challenging the Agency’s decision to exclude the protester’s proposal from consideration because the protester failed to include all the cost information required by the solicitation.
  • This request for task order proposals was issued under a previously awarded indefinite-delivery, indefinite-quantity (IDIQ) contract. In response to the IDIQ solicitation, offerors were permitted to submit cost-type proposals or time-and-materials (T&M) proposals. As relevant here, Compel was awarded a T&M IDIQ contract.
  • The task order request for proposals contemplated the award of a cost-type task order, but also provided that a T&M type task order “will be considered” for IDIQ contract holders with a T&M IDIQ contract. Additionally, offerors were required to complete a breakdown of estimated costs, including “all” cost elements specified.
  • Compel submitted a spreadsheet “in lieu of” the required breakdown of estimated costs, and did not provide summary cost calculations as specified in the solicitation. The agency ultimately found Compel non-compliant with the solicitation.
  • Compel protested, complaining that its proposal contained all the information required for a T&M proposal and that the solicitation contained latent ambiguities.
  • GAO disagreed. First, GAO found that the protester provided no meaningful explanation for how the solicitation’s specific requirements or the unique aspects of a T&M proposal afforded the company discretion to omit the specified summary cost information. Second, GAO found that any solicitation ambiguities were patent and thus any challenges were required to be filed prior to the deadline for proposal submission.

It is fundamental that a proposal must conform to the material terms of a solicitation, and that an offeror is responsible for submitting an adequately written proposal that contains all required information. Regarding protests challenging the terms of a solicitation, alleged solicitation defects that are apparent on the face of a solicitation must be protested prior to submission of proposals. Indeed, where terms of a task order solicitation are inconsistent with an underlying IDIQ contract, offerors should carefully consider whether a protest must be filed prior to the deadline for proposal submission.

J.E. McAmis, Inc. v. United States, COFC No. 22-570 (March 10, 2023) (Published March 27, 2023)

  • This COFC bid protest denial highlights the tension between small business policy goals and government contracting performance needs.
  • The Army Corps of Engineers issued a solicitation for jetty repair services that included special instructions regarding responsibility in accordance with FAR 9.104-2. Specifically, the solicitation provided that to be eligible for award, the bidder must have completed a project meeting certain criteria.
  • Two small businesses submitted bids: J.E. McAmis and Trade West Construction. The Corps determined that Trade West was non-responsible for not having previously performed a project that met the criteria. In response, Trade West appealed this determination to the Small Business Administration (SBA) by requesting a Certificate of Competency (COC) determination. Despite the Corps informing the SBA that it did not think Trade West could handle a project of this magnitude, SBA issued a COC for Trade West and directed the Corps to award the contract to Trade West. McAmis protested on multiple grounds.
  • At the outset, the Court held that although it could review an SBA finding of non-responsibility, it does not have jurisdiction over an affirmative COC determination by the SBA—Congress vested this power in the SBA.
  • Next, the Court found that McAmis conflated responsiveness and responsibility when arguing that the Agency “should have deemed Trade West’s bid as nonresponsive and rejected its bid for failing to provide any information required by the special instructions.” The special instructions referred to responsibility, which were distinct from whether Trade West’s proposal conformed in all material respects to the solicitation’s requirements.
  • Additionally, the Court held that the SBA did not violate its regulations by not following the solicitation’s heightened responsibility criteria when issuing its COC determination. Importantly, the Court affirmed that the SBA is not bound by the special standards of responsibility developed by contracting officers for certain acquisitions.

Small businesses should carefully examine any heightened responsibility criteria. For offerors who satisfy the criteria, it may be worthwhile to encourage the agency to fold these criteria into the evaluation. For small businesses facing non-responsibility determinations based upon special standards, appealing is crucial.