Mind Your Due Diligence: Section 889 and an Emerging Minefield of FCA Violations

Abstract

Section 889 of the 2019 National Defense Authorization Act is a statute that forbids contracts from (1) selling U.S. government equipment and services produced by Huawei and its affiliates; and (2) using such products as a significant part of their operations. It is intended to insulate U.S. supply chains from technologies developed by entities identified as posing a significant risk to national security. While the purpose is nationalistic, the prohibition as it is currently promulgated subjects federal contractors to substantial risks and burdens. It is unwieldly in its scope, cannot be consistently applied across contractors of different sizes or in varying industries, and provides poor definitions for material terms. The level of due diligence that is required for a contractor to be compliant with the ban’s multiple requirements is far too onerous to be sustainable and exposes contracting entities to liability under the False Claims Act. Instead of requiring contractors to expend extraordinary amounts of resources to institute robust compliance programs and bringing costly enforcement actions, the Federal Acquisition Regulatory Council should soften the collateral impact by further defining the statutory language and clarifying the scope and expectations of key provisions.

I. Introduction

“If China does not stop its illegal activities, including its theft of American trade secrets . . . I will use every lawful presidential power to remedy trade disputes. . . . Cheaters, that’s what they are. Cheaters.” One year into his 2016 presidential campaign, former President Donald Trump announced his aggressive plan to redraw the lines defining global trade. Although he claimed his administration would “end” the “trade war,” Trump’s presidency ignited new lines of attack against an old “threat”: the Chinese telecommunications giant Huawei.

Huawei, China’s telecommunications champion, has operated under a gaze of distrust and suspicion for over a decade. In October 2014, Huawei was banned from competing for U.S. government contracts based on espionage suspicions. A Federal Bureau of Investigation (FBI) memorandum identified signal intelligence as a “significant source of Chinese intelligence collection,” and described Huawei as a serious threat to U.S. network security due to its “opaque relationship with the Chinese Government.” Citing to the Chinese Communist Party’s (CCP) role as Huawei’s dominant subsidizer, the memorandum expressed concern over the level of influence the CCP had over the company’s decision-making. FBI Director Christopher Wray later reaffirmed the FBI’s fear of Huawei’s ability to “burrow into the American telecommunications market” to provide the CCP with access to “maliciously modify or steal information, conduct undetected espionage, or exert pressure or control.”

In May 2018, U.S. military bases were prohibited from selling Huawei phones due to the “unacceptable risk” that they posed to compromising sensitive personnel information and mission details. Tension between the United States and Huawei skyrocketed in January 2019 when two indictments charged Huawei and its affiliates for instating fraudulent schemes to steal proprietary technology from U.S. telecommunications competitors and with violating U.S. trade sanctions against Iran.

The ensuing fallout was far-reaching. Huawei’s Chief Financial Officer was arrested and detained in Canada for nearly three years. Trump “set[]” the “stage” to expel Huawei, not just from the United States but also from the global supply chains in which the United States participates, with an executive order that blocked Huawei from selling its equipment within the United States. The U.S. Department of Commerce mobilized soon thereafter to place Huawei on a trading blacklist, effectively banning the company from purchasing U.S. goods without first obtaining the U.S. government’s permission. U.S. federal contractors were pulled into the crusade with the introduction of Section 889 of the 2019 National Defense Authorization Act (Section 889). Divided into two parts that went into effect in August 2019 and August 2020, Section 889 prohibited federal contractors from selling the U.S. government products and services that incorporated Huawei technologies and from using any Huawei equipment or systems as substantial components of their critical technology. Following multiple rounds of tightening restrictions, Huawei reported diminished profit growth. Huawei’s rotating Chairman, Eric Xu, stated Huawei had missed its revenue target of US $135 billion—instead, Huawei allegedly landed at approximately CNY 858 billion (US $123 billion) in revenue by the end of fiscal year 2019. Xu claimed Huawei was “short by $12 billion . . . [as a] result of the U.S. sanctions.”

Huawei was not the only source voicing concerns over these increasingly restrictive regulations, however. Some believed Trump’s actions would create an “Iron Curtain” that would force foreign countries to choose between doing business with China or the United States. Officials at the U.S. Department of Defense argued the restrictions, which were created to preserve U.S. national security interests, could actually “undermine” them. Other government officials argued the rules could “discourage the use of American components abroad, weakening American firms and the country’s technological competitiveness.” Trump’s rush to implement “overly broad or restrictive controls to ‘protect’” the United States sparked fears over the potential weakening of a “global, open model of technology innovation” that would “strangle” U.S. technology without making the country itself more secure from technological threats.

The Trump administration’s pursuit to keep the U.S. government “strong against nefarious networks like Huawei” resulted in subjecting another collateral group to risk: federal contractors. According to a government official, implementing the two contracting bans was a “bid to limit [Huawei’s] influence” and require foreign companies to choose between Chinese firms and the U.S. government. This effort to expel Huawei and the Chinese government accelerated the speed at which the Trump administration imposed the government-wide ban, leading to a rule with impacts that would be “difficult to project,” but that would “affect nearly every contractor and subcontractor across the entire federal government.” An industry executive stated that “[c]ompliance with a complex rule, one with consequences that reach beyond prime contractors, could be confusing, complicated, and technically challenging.”

Although U.S. agencies have provided some guidance on the interim form of the regulations, there are still material ambiguities as to what the bans require, particularly with respect to the level of due diligence needed to determine whether an entity uses “covered telecommunications” equipment as an “essential component of any system.” The combination of certifying compliance with federal statutory requirements, combined with uncertainty and apprehension as to what those regulations require, appropriately generate concern. One of the top issues for contractors that leads to False Claims Act (FCA) investigations is noncompliance with requirements dictated in the Buy American Act, Trade Agreements Act, or other rules impacting sourcing decisions. The FCA is a powerful tool used by the U.S. government to combat contractor fraud and misrepresentations. The abstruse Huawei legislation exposes contractors to similar supply chain related compliance obligations, which means that contractors may be exposed to liability under the FCA. The unclear requirements of the Huawei prohibition and poorly scoped due diligence needed to confirm compliance will likely give rise to FCA investigations of government contractors. The Federal Acquisition Regulatory Council (FAR Council) should step in to clarify the statutory language to properly scope the expected level of due diligence when conducting a reasonable inquiry into a contractor’s supply chain.

While several other Chinese telecommunications entities are subject to the contracting bans, this Note focuses solely on Huawei and its affiliates. Part II of this Note provides background on the deterioration of the relationship between Huawei and the United States, the various legal challenges and regulations aimed at isolating Huawei from the U.S. economy and supply chains, an overview of the federal contracting ban concerning technologies developed by Huawei and its affiliates, and when liability under the FCA attaches to a claimant (i.e., a federal contractor). This section also includes a discussion on the requirements contractors must observe to be in statutory compliance with Section 889. Part III will focus on the current material weaknesses of the Section 889 contracting prohibitions and how contractors might unwittingly find themselves subject to liability under the FCA. Finally, Part IV concludes by proposing that the appropriate remedy to avoid triggering widespread FCA investigations, and incurring crippling costs associated therewith, is for the FAR Council to further define the statutory language of the Huawei contracting prohibition.

II. Background

Founded in 1987 by Ren Zhengfei (Ren) and based in Shenzhen, China, Huawei has become a leading global telecommunications provider and the largest seller of smartphones and telecommunications equipment. In its fiscal year report for 2019, Huawei claimed its annual revenue reached CNY 858,833 million (US $131 million), primarily attributed to the success of its consumer business (smartphones, tablets, computers, converged home devices) and carrier business (network infrastructure) sectors, generating CNY 467,304 million (US $71 million) and CNY 296,689 million (US $45 million), respectively.

Apart from its rapid growth and apparent success, Huawei’s “claim to fame” is its development of fifth-generation (5G) network technology. As the technology that will increase data speeds of modern mobile technology, operate artificial intelligence functions in cars and other machines, and connect nearly all electronic devices in the world, 5G is considered to be the “central nervous system of the 21st-century economy.” Despite the company’s young age, Huawei is reported to own more 5G-related patents than any other firm and conducts an “ever-growing tally” of innovative field-testing. By April 2019, Huawei claimed to have secured thirty contracts to build advance 5G networks across the globe.

However, certain information about this technological giant is far less transparent and has raised concerns. Huawei claims it is a private company “wholly owned” by a labor union comprised of 121,269 of its employees. It also purports the underlying shareholding scheme is exclusively available for participation by Huawei employees. Huawei’s actual ownership structure is unclear, however. Although the company purports that no outside organizations, including those affiliated with the CCP, hold any shares, there is little ability to verify Huawei’s control and financing when it is not “at least a partially publicly traded company.”

While corporate records indicate Huawei’s registered legal owner is the labor union, critics researching the company’s ownership believe the employees’ virtual stocks have “nothing to do with financing or control” and make up a “profit-sharing incentive scheme.” However, Jiang Xisheng, Chief Secretary to Huawei’s board of directors, claimed that employees share in the company’s financial successes and losses and that, while the union has no influence over Huawei’s business operations, shareholders are entitled to elect members to the Representatives’ Commission, which in turn elects members of the Board of Directors.

The lack of corporate transparency and verifiable information, compounded with a history of the Chinese government exerting control over the country’s private businesses, continues to fuel suspicions throughout the world, regarding not only the state’s connection to Huawei but the extent of its control. Such distrust has resulted in chilling economic effects for Huawei. In August 2018, the Australian government banned Huawei from providing 5G technology for the country’s wireless network due to national security concerns. The United Kingdom followed suit in July 2020, citing a lack of confidence in the future safety of Huawei equipment, banned Huawei from its 5G infrastructure, and gave its major operators until 2027 to remove all Huawei technology from their networks. In October 2020, Swedish courts upheld a decision to ban Huawei from participating in building Sweden’s 5G network. These bans are of grave consequence for Huawei, as Huawei reportedly relies on its business in Europe, the Middle East, Africa, and the Asia-Pacific region to generate approximately 32.2% (CNY 276,540 million or US $42 million) of its annual revenue.

A. The United States’ National Security Concerns

Although friction between the United States and Huawei has garnered significant public attention with recent legal disputes, U.S. officials have been wary of Huawei for quite some time. The concerns stem from Ren’s past work as a technician for the People’s Liberation Army prior to founding Huawei and reports that the CCP has heavily subsidized Huawei by investing tens of billions of dollars in the company over time.

In February 2011, a Huawei executive, Ken Hu, issued an open letter to the U.S. government seeking to address “long-standing and untrue rumors and allegations regarding Huawei.” Hu, asserting once more that Huawei is privately owned, rejected allegations that Huawei received financial support from the Chinese government. Hu explained that Huawei accepted tax incentives from the government to support research and development activities, similar to how companies in the United States receive tax incentives or subsidies. Hu went on to deny security concerns, alleging that Huawei is unable to use its technology to steal information or launch network attacks on U.S. entities. The letter concluded with an invitation to the United States to conduct a formal investigation to abate any remaining concerns.

The U.S. government accepted that invitation, but the investigation did not satisfy the U.S. government in a manner that Hu likely expected. On October 8, 2012, the House Committee on Intelligence (Committee) issued a report on counterintelligence and security threats posed by Huawei and another Chinese telecommunications company. Throughout its year-long investigation, the Committee flagged a number of concerning findings: (1) Huawei likely remained dependent on the Chinese government for financial support; (2) Huawei’s scarce assertions denying Chinese support were not credible; (3) Huawei failed to provide clear answers or any information on the company’s connection to the military, and why a CCP Committee was maintained in Huawei; and (4) evidence supported a pattern of Huawei disregarding intellectual property rights of U.S. entities and Huawei officials engaging in potentially illegal behavior.

The Committee made several recommendations: notably, that the U.S. government and federal contractors should exclude Huawei component parts and equipment from U.S. government systems and sensitive programs. It concluded that Huawei’s evasiveness and inability to provide complete answers to questions paramount to determining the legitimacy of security issues only strengthened doubts, and encouraged the United States to “view with suspicion the continued penetration of the U.S. telecommunications market by Chinese telecommunications companies.”

Suspicions of Huawei increased further with China’s passage of its National Intelligence Law on June 28, 2017, which requires organizations and citizens to “support[], assist[] and cooperat[e] with national intelligence efforts,” and promises to “protect” those who have “established cooperative relationships” with intelligence operations. Normalizing reliance on citizens in the Chinese government’s intelligence and security priorities may go beyond mandating cooperation with law enforcement and may include “compel[ling] corporations to assist in offensive intelligence operations.” This is even more likely given that the Chinese government provides tens of billions of dollars in state assistance to support the company’s astounding growth. A recent analysis of public records, including Huawei’s own statements and land-registry documents, indicated the company received as much as US $75 billion in state assistance, including US $46 billion in loans and credit facilities from state lenders and up to US $25 billion in tax savings between 2008 and 2018. This level of state support combined with the mandate of cooperating with intelligence operations gives credence to U.S. concerns over Huawei’s relationship with the CCP.

B. Waging War Against Huawei

1. Blacklisting Huawei

U.S. efforts to close its doors to Huawei escalated on May 15, 2019, with Trump’s executive order (Executive Order) prohibiting U.S. companies from doing business with entities deemed to be a national security threat. The Executive Order described a perceived trend of foreign powers “exploiting” telecommunication networks, which are uniquely vulnerable due to their ability to “store . . . vast amounts of sensitive information, facilitate the digital economy, and support critical infrastructure and vital emergency services.” Unlimited use of technology and services developed by entities owned or controlled by “foreign adversaries” were deemed an “extraordinary threat” with “potentially catastrophic effects” on U.S. national security and digital infrastructure.

Later that day, the Bureau of Industry and Security (BIS) of the U.S. Department of Commerce named Huawei and sixty-eight of its non-U.S. affiliates on a list (Entity List) that identifies entities posing serious risks to the United States’ national security. Placement on the Entity List means licenses are required for particular exports, reexports, and transfers of items subject to the U.S. Export Administration Regulations (EAR) to the listed entities. For Huawei, this meant that American manufacturers and developers could not sell or transfer certain technologies without first obtaining a license. Within days, U.S. entities began stepping away from Huawei. Google reportedly suspended business with Huawei that required transferring hardware, software, and technical services, aside from projects covered by open-source licenses.

On August 17, 2020, the BIS announced its release of a final rule that significantly expanded U.S. control over export restrictions. It extended license requirements to items made overseas known to be “incorporated into” or used in the “production” or “development” of any “part,” “component,” or “equipment” produced, purchased, or ordered by Huawei and its affiliates identified on the Entity List, and to situations wherein Huawei is a party to any transaction involving the item, including as a “purchaser,” “intermediate consignee,” “ultimate consignee,” or “end-user.”

These executive and commercial trade mandates were aimed at curtailing Huawei’s access to U.S. technology and ability to penetrate U.S. infrastructure. But these amendments began to give rise to liability concerns for U.S. entities that were supplying semiconductors or the technology required for their development. These companies were required to evaluate their “direct and indirect relationships” with Huawei and its affiliates identified on the Entity List. Companies would have to monitor which of their products were subject to the trade regulations and revise contract provisions to factor in the BIS requirements. However, as discussed further in Section III, compliance with the BIS requirements would only be a scintilla of the overall compliance regime set forth in the Executive Order that federal contractors would need to implement to avoid legal repercussions.

2. The Indictments

In January 2019, two unsealed indictments filed in the Western District of Washington and the Eastern District of New York charged Huawei, its affiliates, and Meng Wanzhou (Meng), Huawei’s Chief Financial Officer and Ren’s daughter, for conspiring to steal trade secrets and concocting a scheme to defraud financial institutions to circumvent sanctions and engage in transactions worth millions of dollars in Iran. On February 13, 2020, the U.S. Department of Justice (DOJ) added racketeering charges to hold Huawei responsible for acting as a criminal enterprise. The superseding indictment also included additional charges of conspiracy to steal trade secrets, revealing Huawei’s decades-long efforts to steal proprietary technology and copyrighted works—e.g., source code and user manuals for Internet routers, command line interfaces, antenna technology, and memory hardware—from at least six U.S. technology companies.

The alleged scheme to steal trade secrets involved (1) entering into confidentiality agreements with owners of the intellectual property to gain access into laboratories, abusing that grant of restricted access, and misappropriating the technologies for Huawei’s use; (2) recruiting employees of other companies to create “internal turmoil,” and directing and incentivizing them to misappropriate their former employers’ intellectual property; (3) using proxies, such as professors working at research institutions or other technology companies, who would conceal their connections to Huawei and impermissibly acquire proprietary information on nonpublic intellectual property; and (4) instituting a formal bonus program to reward employees who obtained confidential information from target companies. These calculated methods of misappropriating intellectual property allegedly enabled Huawei to benefit financially by selling products with stolen technologies and saving on research and development costs, which Huawei in turn used to expand and operate its business worldwide.

In response to a U.S. extradition request based on charges of fraud laid out in the indictments, Canadian officials arrested Meng in Vancouver on December 1, 2018. On May 27, 2020, a Canadian court denied Meng’s attempt to fight extradition to the United States, finding extradition could move forward with the threshold for “double criminality” being met. The “double criminality” principle prevents extradition to another country for prosecution where, had the roles of the requesting and requested state been reversed, the latter would not have made a similar extradition request. Associate Chief Justice Holmes of the Supreme Court of British Columbia held that Meng’s deliberate false statements, made to a financial institution to obfuscate the relationship between Huawei and its Iran-based affiliate to work around U.S. sanctions, would have amounted to fraud in Canada.

On September 24, 2021, the DOJ entered into a deferred prosecution agreement (DPA) with Meng, ending the lengthy extradition proceeding. As part of the DPA, Meng accepted responsibility for knowingly making material misrepresentations to an executive of a U.S. bank regarding Huawei’s business in Iran in order to “preserve Huawei’s banking relationship with the financial institution.” She also agreed not to commit other federal, state, or local crimes. Meng’s full compliance with the DPA through December 2022 will result in the DOJ dropping all charges against her. Huawei, however, remains a target that the DOJ is pursuing.

C. National Defense Authorization Act of 2019

Section 889 prohibits the U.S. government and federal contractors from (1) procuring or obtaining “covered telecommunications equipment or services” produced by Huawei (among other high-risk entities) as a “substantial or essential component of any system” (Part A); and (2) entering into contracts with contractors that “use[] any equipment, system, or service” or incorporate covered Huawei equipment or services as a “substantial or essential component” or “critical technology” (Part B). In oversimplified terms, Part A concerns the sale of covered products and services to the U.S. government, whereas Part B deals with entities that want to perform a U.S. government contract and use the covered products and services.

1. Prohibitions Under Section 889

Part A of Section 889 went into effect on August 13, 2019. It contains three primary implications for government contractors: (1) they are prohibited from selling the federal government equipment or services that incorporate Huawei technology as a “substantial or essential component;” (2) they are required to report discovery of any covered equipment or services within one business day; and (3) prior to contract award, every offeror must represent they do not incorporate covered Huawei technologies in their services. The requirement to report any prohibited equipment or services discovered during the course of performing a contract also applies to subcontractors.

Part B of Section 889 went into effect on August 13, 2020. It is significantly more far reaching than Part A. The statute prohibits the federal government from entering into a contract with any “entity that uses any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as a critical technology as part of any system.” The prohibition applies to all federal contractors—domestic and international—and all federal contracts, including micro-purchase contracts, and reaches a multitude of industries, including “health-care, education, automotive, aviation, and aerospace industries; manufacturers that provide commercially available off-the-shelf (COTS) items; it also applies to contractors that provide building management, billing and accounting, and freight services.” In addition, the bar against using Huawei and its subsidiaries’ technologies as a “substantial or essential component” in a contractor’s operations applies “regardless of whether that use is in performance of a Federal contract.” The “use” prohibition only applies to the prime contractor in privity with the federal agency (i.e., the “entity” that “enters into a contract” with a federal agency). Thus, the prohibition does not “flow down” to subcontractors that do not directly enter into an agreement with an agency “at any tier.”

2. Statutory Compliance and Requisite Due Diligence

Under Section 889, all contract solicitations are subject to representation and reporting requirements. Specifically, all offerors are required to represent that they “will” or “will not” provide any “covered telecommunications equipment or services” to the federal government and, after “conducting a reasonable inquiry,” that they “do[]” or “do[] not” use prohibited technologies in their own systems. If a contractor discovers banned “equipment or services” are used as a “substantial or essential component” of its operations, or as a “critical technology” within any of its systems, that contractor must report that information to its contracting officer. Representations that an offeror, first, will not provide the federal government with and, second, does not use forbidden Huawei technologies will be made available in the System for Award Management (SAM), such that other offerors and agencies can review the list of entities that are excluded from receiving federal contracts.

A “reasonable inquiry” to determine whether a contractor makes use of prohibited technologies is one “designed to uncover any information in the entity’s possession about the identity of the producer or provider of covered telecommunications equipment or services . . . that excludes the need to include an internal or third-party audit.” Any findings following an examination of documents and other records in an entity’s possession must be represented to the U.S. government, particularly with respect to “all equipment, systems, and services, regardless of geographic location, used by the offeror, including equipment, systems, and services owned or provided by other companies (e.g., affiliates, parents, subsidiaries, subcontractors, suppliers).” Thus, although due diligence does not extend to other entities outside the offeror itself, the contractor must still ensure that technologies provided by suppliers and other third-parties that it uses in its systems are not affiliated with Huawei.

An examination of the specific information required in certifications sheds some light on the level of due diligence expected of federal contractors. If an offeror discloses that it “will” provide “covered telecommunications equipment or services,” or uses prohibited “equipment, system, or service” as a “substantial or essential component” of its operations, it must provide details on the entity that produced the equipment or a description of the covered service (including brand, model number, manufacturer part number, and wholesaler number) and an explanation of the proposed use of such equipment.

In implementing the ban under Section 889, the FAR Council set forth a six-step plan to help contractors shape “robust, risk-based compliance” programs to minimize the risk of violations, particularly with respect to Section B. The FAR Council’s plan proposes that an entity (1) familiarize itself with the regulation and necessary actions to remain compliant; (2) conduct a reasonable inquiry into relationships with any subcontractors or suppliers for their use of “covered telecommunications” technologies; (3) educate the contractor’s professionals on its compliance plan; (4) prepare procedures for replacing any prohibited equipment or services that are discovered; (5) provide the U.S. government with accurate representations of whether such technologies are used by a contractor; and (6) develop plans to “phase-out” such technologies where an entity seeks a waiver.

3. Repercussions for Noncompliance

A federal contractor that provides deficient or inaccurate certifications to the U.S. government potentially faces several grave consequences. These include cancellation or termination of a contract, as well as financial repercussions. In addition to direct risks to the specific contractual arrangement, potential investigations and subsequent suits filed under the FCA pose risk of even greater harm. A contractor that violates the FCA may be liable for treble damages, plus a penalty adjusted for inflation, which can devastate a company’s finances. It may even face suspension and/or debarment from federal contracting.

D. The False Claims Act

The FCA has been used by the U.S. government to recover losses induced by fraud for over a century. Enacted in 1863, it was originally used to hold contractors responsible when they sold sawdust instead of gunpowder or sold handicapped horses to the army during the Civil War. Today, the DOJ uses the FCA to “deter[] fraud against the government and to ensur[e] that citizens’ tax dollars are protected from abuse and used for their intended purposes.” In 2020, the DOJ recovered more than US $2.2 billion in settlements and judgments from FCA cases, bringing the total amount recovered since 1986 to over $64 billion.

The FCA continues to be used as the government’s main tool to investigate allegations that federal contractors have defrauded the federal government. Liability under the FCA is imposed when a contractor, among other behaviors, knowingly presents a false or fraudulent claim for payment or approval, or knowingly making use of a false statement that is material to a fraudulent claim. “Knowingly” is defined as: (i) having “actual knowledge of the information;” (ii) acting in “deliberate ignorance of the truth or falsity of the information;” or (iii) acting in “reckless disregard of the truth or falsity of the information.” The term “claim” is a request for money made either directly to the government, or to a contractor if the money is spent on the government’s behalf.

The FCA’s knowledge requirement can be satisfied in circumstances where a person does not actually know that his or her conduct is unlawful. The “deliberate ignorance” standard is intended to cover “blind eye” or “ostrich type situation[s] where an individual has buried his head in the sand and failed to make simple inquiries which would alert him that false claims are being submitted.” In other words, a person may be “consciously aware . . . that material facts are unknown, but does not need to have actual knowledge that the conduct is wrongful.” Similarly, “reckless disregard” can be met if a person’s conduct amounts to an “extreme version of ordinary negligence” or “gross negligence-plus”.

Within FCA liability lies the concept of false certification theory, which comes in two forms: express and implied. Under express false certification, a contractor violates the FCA upon submitting a claim that it expressly complied with “a particular statute, regulation or contractual term” either when seeking payment on the contract or at another point throughout contract performance. “So long as the statement in question is knowingly false when made, it matters not whether it is a certification, assertion, statement, or secret handshake; FCA liability can attach.” Under implied certification theory, which is explained in more detail below, a contractor is liable under the FCA when it insinuates compliance with relevant requirements when it submits an invoice for payment.

1. Escobar and Implied Certification Theory

Liability under a theory of implied false certification applies when a contractor tacitly certifies that it is in compliance with relevant statutory, contractual, or regulatory requirements each time that it submits an invoice for payment to the government. The seminal case affirming this theory as a basis for FCA liability is Universal Health Services, Inc. v. United States ex rel. Escobar.

Prior to the Supreme Court’s decision in Escobar, appellate courts had differing views on the applicable scope of the FCA and threshold conditions that triggered implied certification theory. The First Circuit looked primarily to whether the defendant “knowingly” misrepresented compliance with a “material precondition” for payment. It rejected the notion that a claim for payment could only be false or fraudulent when made after failing to comply with an “expressly stated” condition. The Tenth Circuit took an even broader position, concluding that a contractor did not have to “conclusively” be aware that the government would not remit payment “were it aware of the falsity,” only that the “government may not have paid.”

Other courts have taken a narrower approach when applying the FCA. The Fifth and Sixth Circuits have held that implied certifications of compliance with ancillary requirements created liability when the certification at issue was an express “prerequisite to obtaining a government benefit” (i.e., “condition of payment”).

The Supreme Court resolved this circuit split in Escobar, stating that FCA liability did not hinge on “the label the Government attaches to a requirement” or whether the requirements were “expressly designated” as conditions precedent to payment. Rather, it depended on whether the claimant “knowingly violated a requirement” he or she knew to be “material” to the government’s decision to pay. The Court also held that the theory of implied false certification can be a basis for liability when: (1) “the claim does not merely request payment, but also makes specific representations about the goods or services”; and (2) the claimant’s “failure to disclose noncompliance with material statutory, regulatory, or contractual requirements makes those representations misleading half-truths.” While this two-part test narrowed the scope of implied certification theory by turning on the claimant’s “representations about the goods or services,” it also expanded the scope of liability to cover any requirement “material” to payment, not just express conditions.

Escobar’s heightened “materiality” standard is significant. The intended “rigorous” and “demanding” application sought to ensure FCA liability would not be imposed on “garden-variety breaches of contract or regulatory violations” and become an “all-purpose antifraud statute.” Now, the government’s express identification of a statute, regulation, or contractual obligation as a condition of payment, though relevant, was “not automatically dispositive” as to whether or not FCA liability was created. The court in Escobar held that instances in which the government paid a claim without any objection while aware of non-compliance with a contract term suggested that the violated requirements were not “material.” Rather, the list of what would meet the “proof of materiality” standard includes evidence that the claimant knew that the government “consistently refuses to pay claims in the mine run of cases based on noncompliance with the particular statutory, regulatory, or contractual requirement.” Alternatively put, Escobar emboldened courts to look to the government’s actual conduct and payment on false claims.

III. Dangers Associated with the Current State of Section 889

Section 889 Part A’s prohibition against selling the U.S. government “telecommunications equipment produced by Huawei” and its subsidiaries is relatively straightforward. Yet Part B is rife with ambiguities that makes a contractor’s ability to diligently adhere to its statutory obligations untenable. The lack of clearly defined terms leaves application and interpretation up to each entity’s business judgment that is shaped by its own various idiosyncrasies. Companies’ inconsistencies in observing the prohibition will invariably lead to problems.

A. Material Failures of the Statutory Language

1. Ambiguous and Poorly Defined Terms

Several material terms in Part B’s prohibition are either circular in their reasoning or lack concrete definitions entirely. First, there is no clarity on what constitutes “use” of forbidden technologies. Following a webinar covering the Section 889 prohibitions on July 30, 2020, the General Services Administration (GSA) received comments from over seventy-one entities in the contracting community. The GSA, however, was unable to answer basic queries, including whether the “use” provision applied to employees’ remote telework setups and applications like Zoom. During another webinar on September 10, 2020, the GSA again stated it was not in a position to provide further insight into the application of “use” and that it did not have answers as to when, or even if, a list of applicable Huawei subsidiaries and affiliates would be developed.

Second, the definition provided for a component that is “substantial or necessary” is one that is “necessary for the proper function or performance of a piece of equipment, system, or service.” Apart from being entirely circular, this definition does not account for contractors, or their suppliers and vendors, that are located in rural or underdeveloped jurisdictions that exclusively rely on Huawei technologies because no alternatives exist.

Third, “covered telecommunications equipment and services” includes those produced by Huawei “or any subsidiary or affiliate.” However, there is no easy way to determine all the subsidiaries and affiliates of Huawei. Aside from the entities identified in the BIS’s Entity List, contractors are not provided with a conclusive list of subsidiaries and affiliates that they must identify. Huawei is considered to be the “world’s biggest telecommunications network equipment supplier” and has operations in over 170 countries. Its technologies have a pervasive presence throughout the world, especially in areas—such as Europe—where Huawei has helped build out network infrastructure. The absence of a concrete list of banned entities demands that federal contractors become overnight experts in Chinese corporate law to determine which of Huawei’s subsidiaries and affiliates to watch for.

2. Lack of Proper Scoping and Uniform Applicability

At first glance, a “reasonable inquiry” is a tantalizing standard; a federal contractor can ostensibly satisfy its due diligence requirements by conducting a review of the documents and information in its possession to identify whether it uses any prohibited equipment in its operations. But this standard of reasonableness does not absolve a contractor of its responsibility to examine its supply chain to ensure its suppliers and subcontractors are not using prohibited technologies in their services to the prime contractor. In addition, there is no guidance on whether contractors must conduct a review of every document, every memorandum, and every piece of correspondence to satisfy a “reasonable inquiry,” or if they must also look to public information and media coverage, particularly where contractors have reason to believe their suppliers or vendors may not be providing accurate or complete certifications. Huawei holds 56,492 active patents on “telecommunications,” “networking,” and other “high-tech inventions worldwide.” This begs the question of whether federal contractors are unreasonably expected to research and understand which technologies might be patented, developed, and/or produced by Huawei or any of its affiliates.

Whether it is due to its size, geographic location, or the industry in which it operates, each company conducts its due diligence and assesses risk differently. Large contractors may have the financial means and resources to establish robust compliance programs to examine the various products and services provided through their supply chains to identify covered technologies. However, smaller entities are unlikely to be able to commit the funds and personnel to identify and track every product and service it uses in its operations. This constraint will result in smaller contractors either being excluded from competing for federal contracts for their inability to comply with Part B, or opening themselves up to FCA liability if their due diligence systems are ill-equipped to capture a violation and they had reason to know they could be misrepresenting compliance with Section 889. The financial burden of compliance, however, is likely to be extreme, regardless of an entity’s size. Indeed, the Council of Defense and Space Industry Associations described the obligations stemming from Part B as “one of the most expensive acquisition regulations ever enacted . . . exacerbated by the unprecedented time” of the global COVID-19 pandemic, where “many [contractors] are already struggling to survive.”

B. Impending Enforcement Actions Under the FCA

A contractor’s exposure to potential FCA liability is not limited to its submission to the U.S. government seeking payment for its goods or services. In addition to contract-specific representations, contractors must make annual certifications on SAM that they do not make use of any forbidden telecommunications equipment, irrespective of whether such usage is “in performance of a Federal contract,” to be eligible to compete for work. In making these annual certifications, a contractor may subject itself to FCA liability under the implied certification theory. Following Escobar, FCA liability will attach when a contractor makes “specific representations” about its goods or services, and when it “knowingly”—whether through “actual knowledge,” “deliberate ignorance,” or “reckless disregard”—fails to “disclose noncompliance with material statutory, regulatory, or contractual requirements.” After a contractor conducts the requisite due diligence in an effort to comply with Part B, its verification may serve as a “specific representation” that it is indeed in compliance with a “material statutory” provision. The poorly scoped compliance expectations of Part B pave a path for contractors to rely on their ill-defined “reasonable inquir[ies]” when making their certifications, despite knowing their limited compliance program likely did not capture the presence of a prohibited technology in their computer, a camera in their warehouses, cellular device, printer, or the automated console that controls the ventilation in their office space. The consequences that they can expect to face for incomplete reporting include protracted litigation, treble damages, potential suspension or debarment, and reputational harm. These penalties present substantial concerns are reasons why liability should not be based on such a vague regulation.

IV. Solutions to Mitigate Risks of Future FCA Violations

At most, the problems with Section 889 call for legislative revision. Its current formulation lacks clear instruction and bright lines that are required for such broad prohibitions to be effective and fair to contractors who want to comply. Some may contend that Section 889 as it is currently promulgated has achieved its intended goal of eradicating Huawei technologies from the U.S. marketplace. This past year, Huawei’s sales in North America fell by “double-digit percentages,” leaving the telecommunications entity to lean more heavily on its market in China. The impact has even been felt by smaller companies that do not hold U.S. federal contracts. For example, Eastern Oregon Telecom, a small wireless carrier servicing 4,000 customers in a rural community, has been required by the Federal Communications Commission to “rip-and-replace” the $500,000 worth of Huawei products that it depends upon.

The ambiguities and material failings of the statute nonetheless carve a path that may lead to widespread violations of the FCA—a path of compliance that many federal contractors may see as the only viable option to remain eligible to compete for work and continue their businesses. Enforcement actions under the FCA demand a significant amount of time, funds, and personnel from both the government and contractor when they arise. In addition, with a significant increase in government-initiated FCA cases in fiscal year 2020 (250 non qui tam matters, the highest total number since 1994) and the DOJ highlighting cybersecurity as a likely area with “enhanced [FCA] activity,” federal contractors face great scrutiny in attempting to comply with Section 889. If the likelihood of running afoul of the FCA can be mitigated by clarifying expectations and requirements for compliance under Section 889, it is in the best interest of both the U.S. government and federal contractors to ensure such clarifications happen.

At a minimum, Section 889 requires clarification. While legislative action is desirable, there is a more realistic actor that is capable of providing much needed guidance: the FAR Council. Although Congress enacted Section 889, it is the FAR Council that implemented the prohibitions as regulatory requirements for “Government-wide procurement policy and . . . activities in the Federal Government.” Indeed, Congress encourages the FAR Council to use its authority to initiate amendments to the Federal Acquisition Regulation (FAR) to address procurement matters. As such, even if Congress leaves the terms and scope of Section 889 vague, the FAR Council is equipped to amend FAR provisions, solicit feedback from federal contractors, and issue guidance documents to ensure that preventable FCA actions are not initiated.

A. Defining Material Terms

First, the FAR Council should clarify the key terms that are of principal concern: “use” and “substantial or essential.” The current concept of “use” covers use for any purpose and in any capacity, impacting federal contractors in all sectors that “provide unrelated goods and services” but depend on covered technologies as “incidental but essential components of their operations.” Rather than leave interpretation to the contracting community, the FAR Council should elaborate on how, where, and to what extent such use is prohibited. If a means to achieve Section 889’s end of preserving U.S. national security is to diminish federal contractors’ reliance on equipment produced or controlled by Huawei and its affiliates, then the FAR Council should be able to distill actual, definitive examples of activities that can support that goal. For instance, forbidden use might be triggered when a contractor’s employee utilizes a desktop, laptop, or tablet with Internet connectivity capabilities that allows the user to send and receive emails, and access company files, regardless of the geographic location, position, or department of the employee. This would be consistent with Section 889’s goal to alleviate threats of the CCP infiltrating U.S. “cyber operations” and gaining access to “sensitive technologies and intellectual property.” On the other hand, prohibited use might not apply to the security cameras or the computer systems that store such recordings of a contractor’s supply warehouse. This interpretation would align with an exception to Section 889, which limits application of the statute to equipment that “cannot route or redirect user data traffic or permit visibility into any user data or packets that such equipment transmits or otherwise handles.”

Similarly, the FAR Council should issue examples of technologies that are considered “substantial or essential” to a system, such that contractors can relate or analogize technologies in their own operations. For instance, the routing processor or switching fabric might be a critical component to a wireless router, whereas the output port might not. The signal processor or frequency transmitter might be deemed a critical aspect of a cellular phone, while the battery might not. In both examples, output ports and batteries are “necessary for the proper function” of the pieces of equipment but may not be used as a “substantial or essential” component of a contractor’s system. Concrete illustrations can help guide contractors in evaluating the products and services used in their systems and understand what types of technologies they should pay particular attention to.

B. Providing a Complete Entity List

Second, the FAR Council should provide clarity on the entities that fall under “any subsidiary or affiliate” of Huawei by publicizing a list of all known Huawei entities subject to the prohibitions. The FAR Council may be able to accomplish this goal by first adopting BIS’s Entity List—either in whole or in part. As previously discussed, the Entity List identifies Huawei and sixty-eight of its non-U.S. affiliates as entities that pose a significant risk to the United States’ national security. Entities are placed on the Entity List when there is “reasonable cause to believe, based on specific and articulable facts that [an] entity . . . poses a significant risk” of engaging in activities that conflict with the United States’ foreign policy interests. Decisions on whether to add or remove entities are made by the End-User Review Committee (ERC), which is comprised of representatives from several U.S. federal agencies, including the U.S. Departments of Commerce, State, Energy, Treasury, and, notably, the Department of Defense (DoD).

The prohibitions imposed on federal contractors under Section 889 are similarly intended to address “security risks” associated with “exfiltration of sensitive data from contractor systems arising from contractors’ use of covered telecommunications equipment or services.” Using the Entity List as a template for entities covered by Section 889 will promote efficiency, particularly given the alignment of goals to preserve U.S. national security and that representatives from the DoD compose membership of both the ERC and FAR Council. Although the stringent standard requiring “specific and articulable facts” may exclude relevant affiliates and subsidiaries of Huawei, the FAR Council can build upon the existing framework that names nearly seventy entities that federal contractors can identify and subsequently avoid or expunge from their own systems. From there, the FAR Council should direct its resources toward discerning additional covered entities and the typical equipment and services that they manufacture or produce. This clarification will mitigate contractors’ impossible task of recognizing banned products that are developed by entities that have not even been identified as being connected to Huawei.

In addition, to ensure a comprehensive entity list relevant to Section 889 remains current, the FAR Council should consider absorbing institutional knowledge by soliciting periodic feedback from the contracting community as to any Huawei subsidiaries and affiliates they have come in contact with through prior business dealings and their due diligence procedures.

C. Scoping a “Reasonable Inquiry”

Third, the FAR Council should establish practical bounds to a “reasonable inquiry.” While a standard of reasonableness provides a federal contractor with the ability to shape a risk-based due diligence plan according to the nature of its business, size, and the agency with which it is contracting, such flexibility may not always be accorded when evaluating liability under the FCA. As such, the FAR Council should define a base level of reasonable diligence that can potentially immunize a contractor from liability under the FCA.

As previously discussed, the FCA requires an actor to act “knowingly.” This element can be demonstrated where an entity acts in “deliberate ignorance” or “reckless disregard” of false information. The FAR Council should consider imposing a minimum threshold of maintaining complete and accurate records that show a contractor has (1) identified all legal entities that are named in the entity’s contracts; (2) certified it has reviewed all information and documents in its possession, including supplier and inventory agreements; and (3) reviewed all technologies and services used within its operations and by its employees, both in the office and at home.

Requiring a standard that can be consistently applied by all federal contractors—regardless of their varying characteristics—may not only diminish a contractor’s vulnerability to liability under the FCA, but may also establish a baseline level of collective compliance with Section 889’s expectations. Indeed, contractors should be wary of relying on their own self-certification systems. In a recent case, a California district court rejected a contractor’s attempt to dismiss a complaint that alleged it “fraudulently entered into contracts with the federal government despite knowing they did not meet the minimum standards required to be awarded a government contract.” Although it does not concern the sale of equipment or services to federal agencies and predates Section 889, this case involves a contractor’s inability to meet minimum cybersecurity requirements that mandate a contractor provide “adequate security” to protect information on information systems. Rather than leave each contractor to assess and self-certify compliance on their own terms, the FAR Council should establish a mandatory minimum that all federal contractors can observe.

V. Conclusion

The purpose of Section 889 is clear: to prevent the intrusion of “telecommunications and video surveillance products and services” that are developed by entities believed to be “controlled” by the CCP to protect the national security of the United States. However, if the U.S. government intends to place the onus of preserving the security of the country on federal contractors, it must give them the guidance and information necessary to comply with their responsibilities. The contracting prohibition, as currently written, fails to provide clarity on significant terms and expectations, and it demands an ill-defined standard of reasonableness. Agencies’ guidelines on how to develop and shape compliance programs, while helpful, cannot be applied uniformly due to the varying natures of business, sizes, and finances of federal contractors. The combination of a path to compliance riddled with pitfalls and stringent requirements that contractors are expected to fulfill is likely to lead to a rise in enforcement actions under the FCA. Instead of expending public resources to prosecute contractors for FCA violations, the FAR Council should clarify the material terms of Section 889 and be explicit about the scope of due diligence required to satisfy its requirements.