The Consolidated Appropriations Act, 2021 (Pub. L. 116-260), was signed into law December 27, 2020. The final language was 2,124 pages long, covering 32 Divisions (or sections), each with multiple Titles. Division C (“Department of Defense Appropriations Act, 2021”) contained nine Titles. Title VIII “General Provisions” contained 138 Sections covering many aspects of DoD activity, and appropriating funding for those activities. (We should note that the other eight Titles within Division C contained their own multitude of Sections, but that’s not what we are talking about today.)

Section 8116 of Title VIII of Division C contained this limitation associated with certain appropriated funding:

SEC. 8116. (a) None of the funds made available in this Act may be used to maintain or establish a computer network unless such network is designed to block access to pornography websites. (b) Nothing in subsection (a) shall limit the use of funds necessary for any Federal, State, tribal, or local law enforcement agency or any other entity carrying out criminal investigations, prosecution, or adjudication activities, or for any activity necessary for the national defense, including intelligence activities.

You can find that prohibition on page 151 of 2,124, if you are inclined to check our veracity. (You should totally check. We could easily be fake news.)

As a consequence of that statutory requirement, on April 5, 2021, the Principal Director, Defense Pricing and Contracting, issued a Class Deviation (2021-O0003) that established a solicitation provision that requires “offerors to represent, by submission of their offer, that they are not providing as part of their offer a proposal to maintain or establish a computer network unless such network is designed to block access to pornography websites.” The provision is 252.239-7098, Prohibition on Contracting to Maintain or Establish a Computer Network Unless Such Network is Designed to Block Access to Certain Websites—Representation. It is to be included “in all solicitations, including solicitations for the acquisition of commercial items under FAR part 12.”

Because accessing porn is the most significant cyber-security threat facing the Department of Defense right now.

Please.

Without taking a moral stand either for or against pornography, and without entering into the legitimate debate about whether pornography degrades/exploits people or perhaps gives certain people a vehicle to generate wealth who would otherwise be stuck in a cycle of poverty—and without expressing an opinion as to whether such a limitation amounts to de facto censorship in possible violation of the First Amendment of the Constitution—let us see if we can find common ground by asking whether this is really the most important issue that Congress, and therefore the contracting officers of the DoD and the contractors of the DoD, should really be concerned with?

We assert it is not.

There are many cyber-security threats facing the Department of Defense at the moment.

"It's no secret that the U.S. is at cyber war every day," Ellen Lord, told the audience at the Professional Services Council's 2020 Defense Services Conference, in August, 2020. "Cybersecurity risks threaten the industrial base, national security, as well as partners and allies."

While Ms. Lord was talking, hackers had already broken into Texas-based SolarWind's systems and added malicious code into the company's software system. The system, called "Orion," is widely used by companies to manage their IT resources. Starting in March, 2020, “SolarWinds unwittingly sent out software updates to its customers that included the hacked code. The code created a backdoor to customer's information technology systems, which hackers then used to install even more malware that helped them spy on companies and organizations.” (Quoted from this article, written by Isabella Jibillian and Katie Canales.) According to that same article, “US agencies — including parts of the Pentagon, the Department of Homeland Security, the State Department, the Department of Energy, the National Nuclear Security Administration, and the Treasury — were attacked.”

The attack lasted for months and, even today, there is uncertainty about how many systems were hacked or what the damage was.

This is just one example of the real cyber-threats facing the Department of Defense. Accessing porn may be bad but it doesn’t take out entire “secure” networks.

But unfortunately, porn is the issue that Congress decided to focus on, and so now contractors must certify that they are not providing as part of their offer a proposal to maintain or establish a computer network unless such network is designed to block access to pornography websites.

It is a long-lamented concern that many of the most innovative infotech firms are reluctant (at best) to do business with the DoD. One of their concerns has been the amount of bureaucracy that comes with defense contracts. Commercial item contracts were one means of reducing that bureaucracy, but we see now that such contracts are subject to the same picayune compliance requirements as are the Major Defense Acquisition Programs, at least in this one respect.

Is blocking access to pornography such a big deal? Probably not. But the Congressional focus on blocking access to pornography is emblematic of a lack of focus on areas that are significantly more important to the national security posture of the United States.