Last month, the U.S. District Court for the District of Columbia awarded about $1.3 million in damages and penalties to the U.S. and about $380,000 to California for violations of the state and federal False Claims Acts (FCA) committed by NortonLifeLock, Inc. (f/k/a Symantec Corporation). The decision in U.S. ex rel. Morsell v. NortonLifeLock Inc., No. 1:12-cv-00800 (D.D.C. Jan. 19, 2023) is noteworthy not only for its robust discussion of pricing and discounts under the General Services Administration (GSA) Multiple Award Schedule (MAS) Program, but for the Court's calculation — or lack thereof — of damages. 

Factual Background

Much of the Court's 186-page ruling is spent on the intricacies of Symantec's pricing of products and services, its commercial discounts and rebates programs, and the company's negotiations with GSA. Under the MAS program, contractors are required to accurately disclose their Commercial Sales Practices (CSP), which include a description of discounts and concessions offered to a contractor's commercial customers. This requirement helps the government "obtain the offeror's best price." General Services Acquisition Manual (GSAM) § 538.270-1(c). 

After months of negotiations, GSA awarded Symantec an MAS contract in January 2007. In 2012, a Symantec employee brought an action under the FCA as a relator, alleging the company violated certain contractual obligations. The specifics of Symantec's wrongdoing are complex and greatly contribute to the length of the decision. But simply put, Symantec failed to provide accurate and complete information with respect the discounts and rebates it offered to its commercial customers. Consequently, GSA paid higher prices under the MAS contract than it should have. After the case was filed, the U.S. and the state of California subsequently intervened. 

FCA Liability

The U.S. presented three theories of falsity regarding Symantec's pricing disclosures under the MAS contract. First, it argued that because Symantec failed to disclose its best discounts and concessions offered to commercial customers, various invoices for payment under the MAS contract were "falsely inflated" such that the claims fall into the paradigmatic category of FCA presentment claims where the claim itself was false. Second, it argued that because the CSPs were materially false, the contract itself was fraudulently induced. Finally, it alleged the claims impliedly certified compliance with the CSP Disclosures, Price Reduction Clause (PRC) (GSAM § 552.238-75, now at GSAM § 552.238-81), and Modifications Clause (GSAM § 552.243-72, now at GSAM § 552.238-82), which were material to the GSA's decision to pay.

The Court found that the U.S.'s various claims under the FCA survived to different extents. Specifically:

• GSA was fraudulently induced to enter into an MAS contract with Symantec because of Symantec's knowingly, materially false CSP disclosures
• Symantec impliedly certified compliance with the PRC and CSP requirements when submitting claims throughout the life of the contract
• Symantec made knowing, materially false statements related to claims for payment during the negotiation and the life of the contract through the subsequent modifications reaffirming the initially false CSPs
• Symantec failed to offer the price reductions to which GSA was entitled during the life of the contract

Damages Calculation

Discount Damages

Under the fraudulent inducement theory of liability, the Court found the U.S. failed to demonstrate a proximate connection, as required to recover treble damages under the FCA, between Symantec's wrongful conduct and the claimed damages, stating "[a]lthough it is more likely than not that GSA would have insisted on a more advantageous discount had Symantec not made the misleading representations during negotiations, there is simply no evidence of how much more advantageous the GSA discounts would have been." In this regard, various expert witnesses came up with exceptionally different conclusions on how many of the thousands of orders were at issue, how much of a discount should have applied to each order, and ultimately the amount that GSA overpaid. Thus, nothing in their testimonies allowed the Court to "determine with reasonable certainty the degree of difference in the GSA discount that resulted from Symantec's material and fraudulent misrepresentations in the negotiation." The Court noted that although some amount of uncertainty would not bar recovery, a plaintiff still bears the burden of providing "a reasonable method to calculate damages." Here, the U.S. decided to tie the damages calculations to PRC violations, leaving the Court to conclude that determining how much of a discount GSA would have received had the CSP disclosures been complete and accurate "to little more than pulling a number out of thin air."

The U.S.'s modification clause theory failed for the same reasons. Because the Court could not determine the amount by which the inaccurate CSPs increased the negotiated prices in the original contract, it likewise could not determine with reasonable certainty how much GSA would have paid had Symantec come clean about those originally false CSPs.

Finally, the Court held that the U.S. had not met its burden of proving damages under its theory of implied certification with the PRC given inconsistencies and incomplete data in the U.S.'s expert witness report. 

All told, the Court recognized the "tension in its determination that the United States has met its
burden on liability but not on damages with respect to the PRC discounts." However, given the "especially punitive [] nature" of treble damages, the Court found it "especially important to hold the United States to its burden of proving" damages.

Rebate Damages

On the other hand, the Court was able to calculate damages for Symantec's false disclosures with respect to its rebate program. The Court found one method of calculations performed by Symantec's expert to provide an exceptionally conservative "ballpark estimate" to serve as a baseline for damages, $11,877,224 (as opposed to the U.S. expert's calculation of $281,552,189 using the same methodology). The U.S. asked the Court to calculate three percent of its total damages to account for Symantec's failure to disclose its rebates program, which the Court found to be reasonable given some Symantec rebates were as high as 16 percent. Thus, the Court awarded $1,068,950.16 in treble damages to the U.S. 

Civil Penalties

The Court also assessed penalties for various false statement which violated the FCA: 

• The submission of a materially false Frequency Chart describing Symantec commercial discounts during negotiations
• The failure to disclose Symantec's rebating policies during negotiations
• The original GSA pricelist, which transmitted falsely inflated prices
• Each of the 18 contract modifications in which Symantec claimed its CSP has not changed

And given Symantec's conduct, the Court awarded the maximum of the statutory range, $11,000, for each false statement for a total of $231,000.

California's Claims

For many of the same evidentiary issues discussed above — conflicting expert testimony, issues with methodologies used, incomplete data, etc. — the Court could not estimate damages with reasonable certainty for California's claims under the California False Claims Act. Nonetheless, the Court was able to determine that Symantec submitted 69 false claims under the California Multiple Award Schedule program. Because the falsity of the claims only stemmed from initial disclosures and was not "brazen" activity that warranted harsher penalties, it awarded the statutory minimum of $5,500 for each claim for a total of $379,500. 

Takeaways

The Court's holding highlights the importance of providing a method that allows the Court to calculate FCA damages with reasonable certainty. Despite holding that Symantec violated the FCA in myriad ways, the Court found itself at a loss for much of the damages calculations because of the U.S.'s decision to tie the calculation to opaque methodologies that involved hundreds of thousands of stock-keeping numbers, tens of thousands of orders, and spanned three excel spreadsheets. While this may have largely been a function of the complexity of the MAS program and its pricing structure, had the U.S. offered a simpler methodology for calculating damages, it may have recovered much more against the contractor. In contrast, some of the Symantec expert's calculations were found convincing, allowing the baseline of rebate damages to be $11.8 million, instead of the $281 million and $322 million estimates proffered by the U.S. expert. 

The decision also serves as a reminder that contractors need to exercise due diligence during the negotiation and performance of an MAS contract or risk FCA violations. The FCA requires the "knowing" presentment of false claims, defined to encompass actual knowledge, deliberate ignorance, or reckless disregard of the truth or falsity of the information. 31 U.S.C. § 3729(b)(1)(A). While some of Symantec's conduct was found to be done with actual knowledge, much of the company's liability arose from various employees who abdicated their responsibilities, amounting to "reckless disregard" of the falsity of information submitted to GSA. The record showed that Symantec's leadership did not even make a "cursory effort" to "learn about its obligations" under the MAS contract and operational employees charged with negotiating and managing the MAS contract certified compliance with MAS contract obligations without thorough analysis and often believed that any such responsibility fell on another employee. Contractors with MAS contracts should ensure that relevant responsibilities are clearly articulated, and employees are adequately trained on the MAS Program. 

If you have any questions about the NortonLifeLock decision, the FCA, or the MAS Program, please contact the Miller & Chevalier attorneys listed below. 

Brian A. Hill, bhill@milchev.com, 202-626-6014

Connor W. Farrell, cfarrell@milchev.com, 202-626-5925

Elizabeth J. Cappiello*

*Former Miller & Chevalier attorney

The information contained in this communication is not intended as legal advice or as an opinion on specific facts. This information is not intended to create, and receipt of it does not constitute, a lawyer-client relationship. For more information, please contact one of the senders or your existing Miller & Chevalier lawyer contact. The invitation to contact the firm and its lawyers is not to be construed as a solicitation for legal work. Any new lawyer-client relationship will be confirmed in writing.

This, and related communications, are protected by copyright laws and treaties. You may make a single copy for personal use. You may make copies for others, but not for commercial purposes. If you give a copy to anyone else, it must be in its original, unmodified form, and must include all attributions of authorship, copyright notices, and republication notices. Except as described above, it is unlawful to copy, republish, redistribute, and/or alter this presentation without prior written consent of the copyright holder.