After over a decade, the first action has been filed that may test the bounds of the Support Anti-Terrorism by Fostering Effective Technologies Act (“SAFETY Act”) of 2002. MGM Resorts International recently filed suit related to the October 2017 Mandalay Bay country music concert shooting, asking a federal court to rule that it cannot be held liable because the security technology used at the concert was certified by the Department of Homeland Security (“DHS”) under the SAFETY Act.

The SAFETY Act, enacted as part of the Homeland Security Act of 2002 (Pub. L. No. 107-296), provides incentives for the development and deployment of anti-terrorism technologies, including products, services and software (or combinations thereof), by creating systems of risk and litigation management. To benefit from SAFETY Act protections, a company must apply to DHS for approval of its technology as a qualified anti-terrorism technology (“QATT”). Upon submission of a SAFETY Act application, DHS engages in a detailed evaluation of the technology, including the effectiveness of the technology’s anti-terrorism capability.

Once a technology is deemed qualified, it is entitled, under federal law, to significant limitations on liability which may otherwise stem from a designated “act of terrorism.” For technology DHS “certifies” as qualified under the Act, the owner, seller and/or provider of the QATT is presumptively entitled to immunity from all tort claims for damages arising out of an act of terrorism associated with the protect or service. Alternatively, if the product or service receives a “designation” under the Act, potential tort liability is limited to the amount of insurance that DHS determines the applicant should maintain in connection with such losses. Significantly, the SAFETY Act affords protection not only to the owner of the QATT, it also protects other entities in the supply and distribution chains for the QATT products and services.

While DHS has approved over 800 SAFETY Act applications to date, the MGM suit is the first where a defense under the Act has been raised before a court. A key issue in the MGM suit will be whether the shootings were an “act of terrorism” under the Act. Because the suit is the first to raise a defense under the Act, the case will likely be of interest broadly to companies owning or deploying SAFETY Act QATTs, as well as those considering applications to DHS.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Evan D. Wolff Evan D. Wolff

Evan D. Wolff is a partner in Crowell & Moring’s Washington, D.C. office, where he is co-chair of the firm’s Chambers USA-ranked Privacy & Cybersecurity Group and a member of the Government Contracts Group. Evan has a national reputation for his deep technical…

Evan D. Wolff is a partner in Crowell & Moring’s Washington, D.C. office, where he is co-chair of the firm’s Chambers USA-ranked Privacy & Cybersecurity Group and a member of the Government Contracts Group. Evan has a national reputation for his deep technical background and understanding of complex cybersecurity legal and policy issues. Calling upon his experiences as a scientist, program manager, and lawyer, Evan takes an innovative approach to developing blended legal, technical, and governance mechanisms to prepare companies with rapid and comprehensive responses to rapidly evolving cybersecurity risks and threats. Evan has conducted training and incident simulations, developed response plans, led privileged investigations, and advised on hundreds of data breaches where he works closely with forensic investigators. Evan also counsels businesses on both domestic and international privacy compliance matters, including the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA). He is also a Registered Practitioner under the Cybersecurity Maturity Model Certification (CMMC) framework.

Photo of Maida Oringher Lerner Maida Oringher Lerner

Maida Lerner is senior counsel in Crowell & Moring’s Washington, D.C. office and a part of the firm’s Privacy & Cybersecurity, Government Contracts, and Environment & Natural Resources groups. Maida counsels a broad group of clients in a variety of sectors on cyber…

Maida Lerner is senior counsel in Crowell & Moring’s Washington, D.C. office and a part of the firm’s Privacy & Cybersecurity, Government Contracts, and Environment & Natural Resources groups. Maida counsels a broad group of clients in a variety of sectors on cyber and physical security compliance and risk management, homeland security, and administrative matters, including trade associations and companies in the pipeline, transportation, government contracts, education, health care, and manufacturing sectors.

Photo of Matthew B. Welling Matthew B. Welling

Matthew B. Welling is a partner in Crowell & Moring’s Washington, D.C. office, where he practices in the firm’s Privacy & Cybersecurity and Energy groups. Matthew has a deep technical background that he leverages to represent clients in a wide range of counseling…

Matthew B. Welling is a partner in Crowell & Moring’s Washington, D.C. office, where he practices in the firm’s Privacy & Cybersecurity and Energy groups. Matthew has a deep technical background that he leverages to represent clients in a wide range of counseling and regulatory matters. His experience includes cybersecurity and privacy incident response, compliance reviews, risk assessments, and the development of corporate policies and procedures, such as incident response plans. Matthew has a diverse background in M&A and other corporate transactional issues, with specific recent experience with technology transactions, cybersecurity issues, and critical infrastructure project development.