section 889 telecommunications prohibition

Fara Fasat said:

Does anyone know

https://www.fcc.gov/supplychain/coveredlist

https://media.defense.gov/2022/Oct/05/2003091659/-1/-1/0/1260H COMPANIES.PDF

On 9/15/2023 at 5:42 PM, Fara Fasat said:

Does anyone know if any government agency maintains an updated list of the subsidiaries and affiliates,

I don't know. But you may have success ordering a Dun & Bradstreet (D&B) report. https://docs.dnb.com/credit/en-US/viewing_a_report/ownership

For a detailed article regarding company identity issues you may start with https://sgp.fas.org/crs/misc/R44490.pdf

Thanks Carl. however that first link merely repeats the names of the 5 primary companies and does not list the subsidiaries, so it doesn't help much.

The second link looks more useful, but there is nothing on the document to identify it or where it came from. Was it created by DoD? If not, do you know what agency originated it? Is it published on a website so that we can access updates?

Please be careful that you don't make this harder than it needs to be.  For example, see the definition of "reasonable inquiry" and an offeror's/contractor's duty thereto in FAR subpart 4.21 and the provision and clauses it prescribes.  And also, note that the contracting officer may generally rely on an offeror's representation of "does not" or "will not" in these matters.

Definitely not my intent. However it does seem reasonable to learn the identities of the companies whose equipment you cannot sell to the government or use internally.

I found a little more information about the second link that Carl provided. Besides not knowing who created the list, it actually is a different list from the 889 prohibition. The provided link is a list of Chinese Military companies operating in the US, as required by the 2021 NDAA. There may be some overlap, but it is not a list of the subsidiaries covered by the 2019 NDAA telecommunications prohibition.

When the 889 prohibition first came out, the University of Minnesota and a couple law firms published lists. I'm wondering if they or anyone else maintain updated lists. I suppose it's too much to ask of the government itself to provide a list of the companies it has made subject to the prohibition.

I don’t think the government maintains any such list.  As noted in the original post, there are hundreds of subsidiaries and affiliates.  Plus there are multiple types of those.  It would be a huge task to identify all the potential sources and keep it current.  The solicitation certification below puts the responsibility of the offeror.  Offerors can query their suppliers if they don’t know themselves.  

Quote

4.2103 Procedures.

(a)  Representations.

(1)  

(i) If the offeror selects "does not" in paragraphs (c)(1) and/or (c)(2) of the provision at  52.204-26 or in paragraphs (v)(2)(i) and/or (v)(2)(ii) of the provision at 52.212-3, the contracting officer may rely on the "does not" representation(s), unless the contracting officer has reason to question the representation.

Fara Fasat said:

Was it created by DoD?

Annually - https://www.defense.gov/News/Releases/Release/Article/3180636/dod-releases-list-of-peoples-republic-of-china-prc-military-companies-in-accord/

Fara Fasat said:

first link merely repeats the names of the 5 primary companies and does not list the subsidiaries

Did you read the reference 47 C.F.R. § 1.50000 et seq regarding how the list is prepared and inclusive of?

@Fara Fasat @ji20874 @formerfed

The following portion of this GAO Protest may be of interest as support to the discussion - https://www.gao.gov/products/b-421109%2Cb-421109.2%2Cb-421109.3%2Cb-421109.4

"Compliance with Prohibited Telecommunications Regulations"

Fara Fasat said:

provided link is a list of Chinese Military companies operating in the US, as required by the 2021 NDAA. There may be some overlap, but it is not a list of the subsidiaries covered by the 2019 NDAA telecommunications prohibition.

When the 889 prohibition first came out, the University of Minnesota and a couple law firms published lists. I'm wondering if they or anyone else maintain updated lists. I suppose it's too much to ask of the government itself to provide a list of the companies it has made subject to the prohibition.

Relying upon an offeror’s self certification is like burying your head in the sand. 

”Our Office has repeatedly explained that where an agency has no information prior to award that would lead to the conclusion that the vendor, or the product or service to be provided, fails to comply with the solicitation’s eligibility requirements, the agency can reasonably rely upon a vendor’s representation/certification of compliance. See, e.g., Kipper Tool Co., B-409585.2, B‑409585.3, June 19, 2014, 2014 CPD ¶ 184 at 5 (denying protest that agency could not reasonably rely on representations regarding compliance with the Trade Agreements Act); KNAPP Logistics Automation, Inc.,”

How is an offeror supposed to know if a company is or isn’t a subsidiary of a prohibited source? By relying upon a certification by that company?

When I was a consulting engineer in the late 1970’s, my boss repeatedly derided the entire idea of self “certications” by vendors and contractors. We avoided reliance upon certifications to the maximum possible extent.

C Culham said:

Annually - https://www.defense.gov/News/Releases/Release/Article/3180636/dod-releases-list-of-peoples-republic-of-china-prc-military-companies-in-accord/

Carl - you keep posting that. It is for a different NDAA. That list is in response to the 2021 NDAA, and is a list of Chinese military companies operating in the US. I'm looking for the companies prohibited by section 889 of the 2019 NDAA:  A) the subsidiaries of the 5 named companies (Huawei, ZTE, etc.) and B ) a list of companies designated by the SecDef ("an entity that the Secretary of Defense ... reasonably believes to be an entity owned or controlled by, or otherwise connected to, the government of a covered foreign country."). 

C Culham said:

Did you read the reference 47 C.F.R. § 1.50000 et seq regarding how the list is prepared and inclusive of?

*sigh* yes and again it is not relevant. The FCC list does not A) list the subsidiaries of the 5 named companies (Huawei, ZTE, etc.) or B ) list the companies designated by the SecDef.

joel hoffman said:

How is an offeror supposed to know if a company is or isn’t a subsidiary of a prohibited source? By relying upon a certification by that company?

Yes.  "[W]here an agency has no information prior to award that would lead to the conclusion that the vendor, or the product or service to be provided, fails to comply with the solicitation’s eligibility requirements, the agency can reasonably rely upon a vendor’s representation/certification of compliance."

From the GAO case provided by Carl--

Quote

Compliance with Prohibited Telecommunications Regulations

V3Gate contends that the VA failed to meaningfully consider whether purchasing Lenovo products from AATD complied with FAR clause 52.204-25, which prohibits agencies from contracting for certain telecommunications equipment. V3Gate Protest at 10. In this regard, V3Gate broadly argues that the Lenovo computers quoted by AATD “fall within [the] expansive definition” of covered equipment found in FAR clause 52.204-25, as equipment linked to the Chinese government. Id. at 11. The protester asserts that the agency was required to analyze whether issuing a delivery order to AATD complied with FAR clause 52.204-25. Id. at 12.

In response, the agency asserts that it fully complied with the applicable regulatory prohibition. V3Gate MOL at 12. Specifically, the VA explains that it included the pertinent FAR clauses in the solicitation, and requested that vendors self-certify whether they provide covered telecommunications equipment in their quotations. Id. (citingFAR 4.2105, mandating the insertion of FAR clauses 52.204-24, Representation Regarding Certain Telecommunications and Video Surveillance Services or Equipment; 52.204-25, Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment; and 52.204-26, Covered Telecommunications Equipment or Services-Representation in the solicitation). The VA maintains that the contracting officer here reasonably relied on AATD’s representation that it did not provide covered equipment or services. Id. (citing FAR 4.2103); see V3Gate AR, Tab 15, AATD Quotation, AATD Self-Certifications at 2.

Our Office has repeatedly explained that where an agency has no information prior to award that would lead to the conclusion that the vendor, or the product or service to be provided, fails to comply with the solicitation’s eligibility requirements, the agency can reasonably rely upon a vendor’s representation/certification of compliance. See, e.g., Kipper Tool Co., B-409585.2, B‑409585.3, June 19, 2014, 2014 CPD ¶ 184 at 5 (denying protest that agency could not reasonably rely on representations regarding compliance with the Trade Agreements Act); KNAPP Logistics Automation, Inc.,

B-406303, Mar. 23, 2012, 2012 CPD ¶ 137 at 4 n.1 (same, with respect to the awardee’s small business size certification); New York Elevator Co., Inc., B‑250992, Mar. 3, 1993, 93‑1 CPD ¶ 196 at 2 (same, with respect to compliance with the Buy American Act).

Based on our review of the record, we find no basis to sustain this protest ground. At the outset, we agree with the VA that upon receiving a self-certification from AATD, representing that the company did not provide or use covered equipment, the agency could rely on the veracity of that representation. Specifically, FAR clause 52.204-26 mandates that a vendor should review the excluded entities list in the SAM, and then self-certify compliance with the prohibited telecommunications regulations. Further, FAR section 4.2103 provides that the contracting officer may rely on vendors’ “does not” or “will not” “representation(s) [included in FAR clauses 52.204-24 or 52.204-26], unless the contracting officer has reason to question the representation.” FAR 4.2103(a)(1)(i), (2)(i).

Here, there were no concrete indications that AATD was providing prohibited telecommunication equipment. In fact, V3Gate does not claim--nor can it--that Lenovo is subject to any exclusion listing. Rather, the protester asserts that, in light of the “well-known connection between Lenovo and the Chinese Government,” the VA should have investigated the truthfulness of AATD’s representation that its quoted products were not prohibited telecommunications equipment. V3Gate Comments & Supp. Protest at 11.

We see no merit to the protester’s contentions. While the protester cites to a number of publications, including a 2019 Department of Defense Inspector General report and the 2015 cybersecurity alerts issued by the Department of Homeland Security, which warn of cyberespionage risks associated with Lenovo products, there is no evidence that the contracting officer was aware of these sources or should have been. Accordingly, we do not find that this information gave rise to an obligation to investigate AATD’s FAR clauses 52.204-24 and 52.204-26 representations.

Nor do we agree with V3Gate’s allegation that the contracting officer was required to investigate “whether or not the Secretary of Defense . . . belie[ves that Lenovo was connected to the government of China, by] contacting the [Department of Defense] or reviewing other published lists of such published entities.” V3Gate Comments & Supp. Protest at 12; see also Protest at 12. We find no such a requirement in the existing regulations. This protest ground is denied.

A contracting officer's reliance on an offeror's self-certification in these circumstances is entirely reasonable.

But the OP might be asking from the offeror's perspective, which is different from the contracting officer's perspective.  An offeror needs to do what FAR 52.204-24/25/26 asks for.

I thought I found the answer, but now I'm not sure. FAR 4.2102(d)(1) says that the 5 entities and their known subsidiaries will be recorded in SAM. 4.2102(d)(2) says that entities identified by the SecDef will be recorded in SAM. Great, the lists should be in SAM.

Not so fast. There don't appear to be any lists. Instead you have to either search for an excluded party, or you can download a list of all excluded parties. If you are looking for a list of subsidiaries of Huawei, ZTE, et al, good luck. You can't search for a name you don't know. If you download the entire list, it is almost 150,000 entries long. If you want only those subject to the telecom prohibition, again good luck. The only choices for the type of exclusion are "ineligible", "Prohibition/restriction", or "voluntary exclusion." 

Furthermore, I doubt the spreadsheet has all the subsidiaries. The last list I saw had 20-30 entries for Huawei, and the SAM spreadsheet only has 6 or 7. And who can tell whether it has the entities designated by the SecDef.

If anyone knows where the lists are buried in SAM (as required by 4.2102(d)), let us know. Otherwise, back to square one.

ji20874 said:

Yes.  "[W]here an agency has no information prior to award that would lead to the conclusion that the vendor, or the product or service to be provided, fails to comply with the solicitation’s eligibility requirements, the agency can reasonably rely upon a vendor’s representation/certification of compliance."

From the GAO case provided by Carl--

Relying on a self-certification in these circumstances is entirely reasonable.

And entirely stupid.

ji, I was fully aware of the GAO case. I quoted from it.

If the US is truly, deeply concerned about “Cybersecurity”, they wouldn’t rely upon self-certification by anybody, which apparently means that they don’t know who the constantly changing subsidiaries of the five listed firms are.

Fara Fasat rightfully wonders and is reasonably concerned where or if the US is tracking and/or listing subsidiaries.

Cybersecurity is critical, not to be trifled with.

Bureaucracy at its lowest.

My opinion.

ji20874 said:

Relying on a self-certification in these circumstances is entirely reasonable.

Relying on self-certification is hollow, bureaucratic B.S. in these circumstances (Cybersecurity). It’s a gaping security hole.

I wonder what the new US Cyber Command would think of relying on contractor self-certification concerning their sources - especially when everyday government offices can’t even find a database of affiliates of the “big five”. 

joel hoffman said:

Relying upon an offeror’s self certification is like burying your head in the sand.

My opinion.

Maybe we need to rely more on ARTIFICIAL intelligence (AI) to seek out and maintain a current list of affiliates of banned companies if it is too much trouble for a government employee to do it.

@joel hoffman,

What do you expect a contracting officer to do? It seems like Fara Fasat is trying hard to do more than just rely on a self-certification, but is getting nowhere.

delete...stay tuned

Don Mansfield said:

@joel hoffman,

What do you expect a contracting officer to do? It seems like Fara Fasat is trying hard to do more than just rely on a self-certification, but is getting nowhere.

@Don Mansfield, I’m on @Fara Fasat’s side!  I commend him/her for his/her concerns and efforts. I probably would have done something similar if I was still working - especially concerning cybersecurity in today’s world situation.

I learned from my boss 45 years ago not to rely on or trust certifications. It’s the system here that sucks.

I don’t agree with a statement that relying on a certification** concerning cybersecurity is “entirely reasonable”.

You go, Fara!!!
 
**especially from the business (sales) side of a firm. My consulting firm owner would NEVER accept a certification from the business side of a firm.

Fara Fasat said:

Carl - you keep posting that

Yes I did but the second post was in direct response to your question as to whether the list was DoD created?   In my first post I posted the "list" in my second post I posted the press release link that provided it.  Sorry it frustrated you but I simply answered your question!

I would also provide while you may disagree that the list is not Section 889 generated others do.   Reference -  https://www.pilieromazza.com/dod-releases-new-list-of-section-889-banned-entities/    

Fara Fasat said:

*sigh* yes and again it is not relevant.

I will again leave you to your belief but my read and research suggests otherwise.  The reference CFR states that FCC's list includes "...Equipment or service being covered telecommunications equipment or services, as defined in section 889(f)(3) of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Pub. L. 115–232; 132 Stat. 1918); or A specific determination made by an appropriate national security agency;..."  Seems relational to me.

As I have followed and posted to the thread I have the feeling expressed by others.  You are trying too hard to find a "list" of subsidiaries and affiliates and what is before you is it!

Fara Fasat said:

Great, the lists should be in SAM.

My research suggests that it is inclusive of the excluded parties list in SAM.gov.   I am not going to take time to research whether all names on the lists I have referenced for you are therefore excluded parties but I suspect they are.   So again why worry up front?   A contractor is advised to review excluded parties.   And the government shall do the review for a contract to award.  If you are doing presolicitation research and hear of a firm of concern do the same.   And if you are worried about a sub do the same.

Reference - https://sam.gov/opp/b2ce0b6998b64976a935e7d5510397bd/view

"Offeror shall review the list of excluded parties in the System for Award Management (SAM) (https:// www.sam.gov) for entities excluded from receiving federal awards for covered telecommunications equipment or services."

To attempt to effectively comply with the Section 889 ban, It would seem that solicitations for telecommunications equipment or services  should also require the proposers to identify all sources and specifically check SAM and specifically affirm that each source is not a disqualified firm in SAM.

The ban includes using any banned sources of equipment, services or systems/programs in a firm’s own business operations. I think it’s an unrealistic (unstated) expectation for a (all) prospective federal bidder, offeror, contractor to inventory every service or telecommunications device, then search SAM to determine compliance, then certify compliance with the ban.

If the Section 889 ban is truly an  Nationally important imperative, then similar to a performance specification, two simple certification check boxes don’t really make any sense without some substantiation requirement to verify that the proposer has actually cross-checked SAM for each equipment or service source .

As President Ronald Reagan learned, then proclaimed: “Trust but Verify”. *  

*The Russian proverb “doveryai, no proveryai (доверяй, но проверяй)” means 'trust, but verify'.

https://en.m.wikipedia.org/wiki/Trust,_but_verify#:~:text=Soviet–American relations,-1985 Reagan–Gorbachev&text=Suzanne Massie%2C an American scholar,'trust%2C but verify'.

joel hoffman said:

To attempt to effectively comply with the Section 889 ban, It would seem that solicitations for telecommunications equipment or services  should also require the proposers to identify all sources and specifically check SAM and specifically affirm that each source is not a disqualified firm in SAM.

I am confused.  Does not 52.204-26 require this?  Onerous or not I think the message of the requirement to check is clear.

C Culham said:

I am confused.  Does not 52.204-26 require this?  Onerous or not I think the message of the requirement to check is clear.

Yes, you are confused.

Im proposing that the bidder/offeror/proposer provide substantiation beyond simply a certification X’d/checked box. That’s not verifiable.

They are already required to review SAM for each proposed source or supplier. To me then it should be no more onerous to identity/list them in their proposal and confirm that they specifically reviewed SAM.

I wrote performance specs during my career. Performance specifying should always include means of  “substantiation” (verification).

The same concept would seem prudent here - particularly since this is an important NATIONAL Cybersecurity issue. Fara Fasat has raised real concerns…

However, I don’t know any reasonable or practical way for either the company or the government to verify that the firm doesn’t have any prohibited sourced items or services in their own company operations.

For gosh sakes Carl, that list you keep posting is for a different NDAA and is a different requirement. It is not, repeat, NOT, a list of entities covered by section 889 of the 2019 NDAA. Piliero made the same mistake. Their article claimed it was an 889 list, but then they link to a list whose title clearly states: "Entities Identifed as Chinese Military Companies Operating in the United States in Accordance with Section 1260H of the William M. ("Mac"} Thornberry National Defense Authorization Act for Fiscal Year 2021 (Public Law 116-283)." The title alone gives it away.

As for the FCC list, it just names the 5 companies (Huawei, ZTE, et al). Unless it is buried somewhere else, I do not see a list of all the subsidiaries and affiliates of those companies.

At this point, I think the only thing a company can do is go through its ERP system, identify all entities it has bought telecommunications equipment from, and then search for those companies in SAM. However I will add that I am not at all confident that all prohibited entities are entered in SAM. In addition, if the SecDef has designated (under FAR 4.2101) additional entities, is it that hard to make that list available on a DoD website, maybe DCMA or DLA?

Joel,

I'm trying to understand your position, so I took the liberty of marking up FAR 4.21 in the way it seems to me that you think it should have been written given that you oppose reasonable contracting officer reliance on offeror certifications. 

Am I getting it right?

-------------------------------------------------

FAR 4.2103 Procedures.

      (a)(1)(i) If the offeror selects "does not" in paragraphs (c)(1) and/or (c)(2) of the provision at 52.204-26 or in paragraphs (v)(2)(i) and/or (v)(2)(ii) of the provision at 52.212-3, the contracting officer may [shall not] rely on the "does not" representation(s), unless the contracting officer has reason to question the representation. If the contracting officer has a reason to question the representation, the contracting officer shall follow agency procedures.

      * * * * *

      (a)(2)(i) If the offeror selects "will not" in paragraph (d)(1) of the provision at 52.204-24 or "does not" in paragraph (d)(2) of the provision at 52.204-24, the contracting officer may [shall not] rely on the representations, unless the contracting officer has reason to question the representations. If the contracting officer has a reason to question the representations, the contracting officer shall follow agency procedures.

            (ii) If [Regardless of whether] an offeror selects "will" [or “will not”] in paragraph (d)(1) of the provision at 52.204-24, the offeror must provide the information required by paragraph (e)(1) of the provision at 52.204-24, and the contracting officer shall follow agency procedures.

            (iii) If [Regardless of whether] an offeror selects "does" [or “does not”] in paragraph (d)(2) of the provision at 52.204-24, the offeror must complete the disclosure at paragraph (e)(2) of the provision at 52.204-24, and the contracting officer shall follow agency procedures.

      * * * * *

-------------------------------------------------

For gosh sakes Carl, that list you keep posting is for a different NDAA and is a different requirement. It is not, repeat, NOT, a list of entities covered by section 889 of the 2019 NDAA. Piliero made the same mistake. Their article claimed it was an 889 list, but then they link to a list whose title clearly states: "Entities Identifed as Chinese Military Companies Operating in the United States in Accordance with Section 1260H of the William M. ("Mac"} Thornberry National Defense Authorization Act for Fiscal Year 2021 (Public Law 116-283)." The title alone gives it away.

As for the FCC list, it just names the 5 companies (Huawei, ZTE, et al). Unless it is buried somewhere else, I do not see a list of all the subsidiaries and affiliates of those companies.

At this point, I think the only thing a company can do is go through its ERP system, identify all entities it has bought telecommunications equipment from, and then search for those companies in SAM. However I will add that I am not at all confident that all prohibited entities are entered in SAM. In addition, if the SecDef has designated (under FAR 4.2101) additional entities, is it that hard to make that list available on a DoD website, maybe DCMA or DLA?

Update: Just attended a PCI webinar put on by Sheppard Mullin. They said there is no 889 list of subsidiaries and affiliates available, including from the government. Submitted a question about entities identified by the SecDef, and waiting for the answer.

ji, FAR 4.2103 says that the contracting officer “may rely” on the representations. It doesn’t say “shall rely”.

“If the contracting officer has a reason to question the representation, the contracting officer shall follow agency procedures.”

I don’t know what the agency procedures are. But I wouldn’t rely on a simple all encompassing certification unless  there were some substantiation concerning the source company.

I described my possible procedure. It doesn’t involve any more research by the industry than what the certification requires. If a KO wants to spot check or totally check behind the offeror, they can search SAM for the identified source themselves (or have it searched by someone).

There is no need to require an offeror to provide all the information in the paragraph at 52.204-24 if they reviewed the SAM list and the entity wasn't listed or they otherwise determined that the source of the equipment or services is not an affiliate of the dirty five..

EDIT: Well it seems that Fara Fasat has discovered that SAM doesn’t list affiliates of the excluded dirty five after all. In fact there is apparently no 889 list of affiliates.

What a joke this whole thing is if a proposing firm can’t even find affiliates after being required to search SAM for affiliates of the “dirty five”!!

Bureaucracy!!

Answer: they know of no entities identified by SecDef, nor any published list.

Fara Fasat said:

Answer: they know of no entities identified by SecDef, nor any published list.

Yet all prospective providers of covered telecommunications equipment or services must certify whether or not any sources are affiliates of one or more of the dirty five excluded sources?

Apparently neither the government nor the industry has access to a list of excluded affiliates of the dirty five!

This is even more reason why a contracting officer may not (should not) simply rely upon a simple “no” certification.

One thing to keep in mind the equipment is highly sophisticated stuff.  I imagine any offeror selling it to the government is very knowledgeable of the sources.

formerfed said:

One thing to keep in mind the equipment is highly sophisticated stuff.  I imagine any offeror selling it to the government is very knowledgeable of the sources.

Probably so.

So it shouldn’t be a problem for them to identify the sources of the equipment and services they are certifying about. .

Right.  Besides any experienced contracting officer and PM should ask for a comprehensive technical proposal for items like networks, components and services.  The government can also check for 889 compliance.  Of course that’s subject to the limitations Fara noted.

Formerfed - that's the problem, or at least one of the problems. If you source telecommunications equipment from company xyz and it doesn't have Huawei, ZTE, etc in its name, then you have to search for that company in SAM, with no guarantee that it has been added to the excluded party list. In fact, doesn't an agency have to go through the suspension and debarment process to add a company to the excluded party list? What are the chances a newly-formed subsidiary of Huawei, created to avoid the prohibition, has been entered in SAM? 

We've beaten this to death, and we know that the government does not maintain a list. Apparently no one else does either.

joel hoffman said:

...FAR 4.2103 says that the contracting officer “may rely” on the representations...

Your statement is incomplete and, it appears to me, is intended to mislead WIFCON readers.  FAR 4.2103 says the contracting officer may rely on the representations unless the contracting officer has reason to question the representation -- you are essentially saying that the contracting officer must not rely on the "will not" and "does not" representations.  I understand that you take this matter seriously, but you are over-reaching. 

The correct principle is that a contracting officer may rely on the representations unless the contracting officer has reason to question the representation.

Fara Fasat said:

We've beaten this to death, and we know that the government does not maintain a list. Apparently no one else does either.

I hate to sound negative but this legislation was passed over four years ago.  Then it was probably a year too late.  Don’t you think Chinese e-spy’s have moved on by now?  It seems like monitoring US security traffic has a different mode by now

They may have moved on, but the certification and the compliance risk are still there.

formerfed said:

Right.  Besides any experienced contracting officer and PM should ask for a comprehensive technical proposal for items like networks, components and services.  The government can also check for 889 compliance.  Of course that’s subject to the limitations Fara noted.

Formerfed, your initial statement is so obvious, I overlooked it. The government can certainly ask for relevant information in the technical proposal.