In the aftermath of the 9/11 attacks, there were many in the private sector who were reluctant to address the terrorist threat, and to deploy security technologies and services due to the enormous liability risks involved. The fact is that there are a large number of attack scenarios that can be imagined, and without the implementation and deployment of security technologies used to detect, deter and mitigate those attacks, facility owners and operators — of places such as office buildings, stadiums or other commercial space — could be exposed to extraordinarily large third-party liability claims.
However, technology developers shared a well-founded fear that should there be another act of terrorism, the company that provided the anti-terrorism technology could face a significant legal liability. In addition, after the attacks on 9/11, there were few incentives for innovation without liability protections. As the private sector owns and operates most of the nation's critical infrastructure and key reserves, this reluctance created the potential for under-investment in necessary security technologies and capabilities.
In response to this reluctance, Congress enacted the SAFETY Act of 2002 as part of the Homeland Security Act of 2002, Public Law 107-296, which created the Department of Homeland Security (DHS). The SAFETY Act is codified at 6 United States Code 441-444, and 6 Code of Federal Regulations, Part 25 details the Department's implementing regulations. In short, the Act provides liability protections that are a critical incentive for the providers who develop and deploy anti-terrorism technologies.
As the SAFETY Act is a statute enacted by Congress and not just internal department policy, Congress expects DHS to implement it in a manner consistent with its legislative intent. Per the Final Rule, this responsibility falls to the Under Secretary of the DHS Science and Technology Directorate who, through an application process, issues protections to qualifying companies. Each application is carefully reviewed by subject-matter experts to determine if the technology meets the criteria set forth by Congress, prior to making a determination that the technology is considered a qualified anti-terrorism technology (QATT).
The protections offered through the SAFETY Act apply to a broad range of technologies, including products, services and software — or combinations thereof. There are two levels of liability protections: Designation and Certification.
Designation: The seller's liability for products or services that are deemed "Designated Technologies" is limited to the amount of insurance that DHS determines the seller must maintain. A Developmental Testing & Evaluation Designation may also be obtained for promising QATTs that are undergoing testing and evaluation in an operational setting.
Certification: In addition to the benefits provided under Designation, Certification allows a seller of anti-terrorism technology to assert the Government Contractor Defense for claims arising from an Act of Terrorism.
It is important to note that the SAFETY Act is not an all-hazards statute. The SAFETY Act liability limitations only apply for claims arising out of, relating to or resulting from an Act of Terrorism where QATTs have been deployed. For the purposes of the SAFETY Act, the Secretary of DHS makes the determination as to whether or not an Act of Terrorism has occurred. SAFETY Act protections would not, for example, be applicable if a technology was used in response to a natural disaster or in an incident that the DHS Secretary did not determine to be an act of terror.
Congress was clear, both in the text of the SAFETY Act and in the Act's legislative history, that the SAFETY Act can and should be a critical tool in expanding the creation, proliferation and use of anti-terrorism technologies. This is a shared goal that the Office of SAFETY Act Implementation (OSAI) in the Research and Development Partnerships Group in the Science and Technology Directorate works to meet. In doing so, OSAI encourages the development and deployment of QATTs by critical infrastructure owners and operators and technology developers.
For additional information on the SAFETY Act Program, please visit www.safetyact.gov.
Richard Fenton is Vice President of Corporate Security, Safety and Investigations with Detroit-based Illitch Holdings, Inc. Andrea T. Schultz CPP, works in the Office of SAFETY Act Implementation, Department of Homeland Security.
MOTOR CITY SAFETY
Illitch Holdings Inc. (IHI) is a professional services company that supports businesses owned by Detroit entrepreneurs Michael and/or Marian Illitch. The family of businesses includes two professional sports teams, the Detroit Tigers and Detroit Red Wings. Christopher Illitch serves as president and CEO of IHI. The security and safety of our employees and guests has always been the highest operational priority for our sports and entertainment venues.
In meeting this critical operational priority, we examined the DHS SAFETY Act application process four years ago by attending regional presentations by the SAFETY Act office staff. We established a close working relationship with our local DHS Protective Security Advisor, and at the national level with the DHS Commercial Facilities Sector. This relationship evolved to include participation with DHS working groups established for venue guest screening, credentialing, bag searches, VBIED/IED training and, most recently, the CCICADA Best Practices in Anti-Terrorism Security for Sporting & Entertainment Venues Resource Guide (BPATS).
Our engagement with the various DHS Sector Representatives and the SAFETY Act Office, coupled with our work with the League Security Offices for both Major League Baseball and the National Hockey League — as well as the National Center for Spectator Sports Safety and Security (NCS4) — served as the foundation for the comprehensive review and revision of our standard operating procedures, and a significant capital investment in security technology and systems at our professional sports venues and entertainment venues.
The first step in the process was to examine security best practice documents from a number of sources, including Major League Baseball, National Football League, National Hockey League, National Basketball Association, NCS4 Sports Event Security Aware (SESA), and the DHS Protective Measures Guide for U.S. Sports Leagues. We created a spreadsheet, which cross-referenced shared best practices and critical operational mandates amongst the various best practices. These shared best practices and critical operational mandates became our baseline for our self-appraisal.
As we completed our self-appraisal, we worked with our local DHS/Protective Security Advisor to develop specific training initiatives, including Soft Target Awareness, Threat/Risk Assessment, VBIED vehicle inspections, Bomb-Making Awareness Program, Critical Incident Protocol, Community Emergency Response Training (CERT), First Observer and more. Each of these training initiatives were conducted by DHS subject-matter experts, and served as a catalyst for support at all levels of our organization.
At each step in our DHS SAFETY Act application, we found their entire staff to be fully supportive in sharing our common goal of making spectator sport safety and security a national priority.
This article originally appeared in the Spring 2015 issue of Gameday Security with the title "Surveying the SAFETY Act"