B-186858, JUN 13, 1977, 56 COMP GEN 694

B-186858, JUN 13, 1977, 56 COMP GEN 694

CONTRACTS - NEGOTIATION - OFFERS OF PROPOSALS - UNACCEPTABLE PROPOSALS - PRICES NOT FIXED ON RECONSIDERATION, DECISION IS AFFIRMED THAT PROPOSAL - (1) WHOSE COMPUTER ALGORITHM WAS DIRECTLY RELATED TO PROPOSED PRICES AND (2) WHICH RESERVED RIGHT TO REVISE ALGORITHM AFTER AWARD AND TO NEGOTIATE WITH AGENCY CONCERNING SUCH CHANGES - FAILED TO COMPLY WITH REQUEST FOR PROPOSALS (RFP) REQUIREMENT THAT FIXED PRICES BE OFFERED. MOST REASONABLE INTERPRETATION OF PROPOSAL'S LANGUAGE IS THAT SUBJECT OF POST-AWARD NEGOTIATIONS WOULD BE CHANGES IN CONTRACT PRICES, AND LEAVING OPEN OPPORTUNITY TO CHANGE PRICES MEANT THAT PRICES WERE NOT FIXED. DEFECT IN PROPOSAL COULD NOT HAVE BEEN CURED WITHOUT FURTHER NEGOTIATIONS WITH ALL OFFERORS IN COMPETITIVE RANGE. CONTRACTS - NEGOTIATION - REQUESTS FOR PROPOSALS - COMPUTER TIME SHARING SERVICES - REQUIREMENTS - MEMORY ALLOCATION CONTENTIONS IN REQUESTS FOR RECONSIDERATION - TO EFFECT THAT PROPOSAL OFFERING "STORAGE PROTECTION" SATISFIED RFP COMPUTER SECURITY REQUIREMENT INVOLVING "READ PROTECTION"; THAT PROPOSAL WAS SUFFICIENTLY DETAILED TO DEMONSTRATE SATISFACTION OF REQUIREMENTS; THAT RFP DID NOT REQUIRE EXTENSIVE DETAIL; THAT FURNISHING MORE DETAIL WOULD HAVE SUBVERTED SECURITY; THAT COMPETING PROPOSAL REQUIREMENTS - DO NOT SHOW PRIOR DECISION THAT NAVY ACTED UNREASONABLY IN ACCEPTING PROPOSAL WAS ERRONEOUS. NAVY COULD NOT REASONABLY DETERMINE FROM PROPOSAL WHETHER FULL READ PROTECTION WAS OFFERED AND HOW IT WOULD BE PROVIDED. CONTRACTS - OPTIONS - FAILURE TO EXERCISE V. COSTS - CONTENTION WITHOUT MERIT CONTENTION THAT FAILURE TO EXERCISE OPTION YEARS OF CONTRACT WILL RESULT IN NAVY'S INCURRING SUBSTANTIAL TERMINATION FOR CONVENIENCE COSTS IS WITHOUT MERIT, SINCE AUTHORITY CITED (MANLOADING & MANAGEMENT ASSOCIATES, INC. V. UNITED STATES, 461 F.2D 1299 (CT CL. 1972)) INVOLVED ESTOPPEL SITUATION WHERE GOVERNMENT GAVE UNEQUIVOCAL ASSURANCES THAT CONTRACT OPTION WOULD BE EXERCISED. PRESENT CASE INVOLVED MERE ASSURANCE THAT OPTIONS WOULD BE EXERCISED SUBJECT TO EVENTUALITIES NORMALLY ASSOCIATED WITH YEAR-TO-YEAR FUNDING, AND IS DISTINGUISHABLE ON OTHER GROUNDS AS WELL. CONTRACTS - OPTIONS - NOT TO BE EXERCISED - NOT IN GOVERNMENT'S BEST INTEREST CONTRACTOR AND AGENCY SUGGEST THAT NO RECOMMENDATION FOR CORRECTIVE ACTION WOULD BE APPROPRIATE DESPITE PRIOR DECISION SUSTAINING PROTEST BECAUSE CONTRACT PERFORMANCE COMPLIES WITH REQUIREMENTS AND PROTESTER SUFFERED NO PREJUDICE. HOWEVER, WHILE SOME EVIDENCE IN RECORD INDICATES THAT CONTRACTOR IS PROVIDING "READ PROTECTION" IN COMPUTER TIMESHARING SERVICES CONTRACT, WRITTEN RECORD DOES NOT ESTABLISH THAT CONTRACT PERFORMANCE IS FULLY IN COMPLIANCE WITH REQUIREMENTS, NOR IS IT GENERAL ACCOUNTING OFFICE'S (GAO) FUNCTION TO MAKE SUCH DETERMINATION. IN ANY EVENT, BEST INTERESTS OF GOVERNMENT CALL FOR RECOMMENDATION THAT CONTRACT OPTION YEARS NOT BE EXERCISED. 56 COMP.GEN. 245, MODIFIED. GENERAL ACCOUNTING OFFICE - RECOMMENDATIONS - CONTRACTS - PRIOR RECOMMENDATION - MODIFIED - LAPSE OF TIME REQUESTS FOR RECONSIDERATION HAVE NOT SHOWN ERRORS OF FACT OR LAW IN PRIOR DECISION SUSTAINING PROTEST, AND DECISION'S RECOMMENDATION FOR CORRECTIVE ACTION - REOPENING NEGOTIATIONS - WAS CORRECT AT TIME IT WAS MADE. DUE SOLELY TO AMOUNT OF TIME CONSUMED BY CONTRACTOR'S, AGENCY'S AND PROTESTER'S REQUESTS FOR RECONSIDERATION, AND IN VIEW OF APPROACHING EXPIRATION OF CURRENT CONTRACT TERM, GAO NOW CHANGES RECOMMENDATION: INSTEAD OF REOPENING NEGOTIATIONS, NAVY SHOULD NOT EXERCISE TWO OPTION YEARS IN CURRENT CONTRACT AND SHOULD RESOLICIT COMPUTER TIME-SHARING SERVICES COMPETITIVELY. 56 COMP.GEN. 245, MODIFIED.

IN THE MATTER OF THE COMPUTER NETWORK CORPORATION, ET AL. - REQUESTS FOR RECONSIDERATION, JUNE 13, 1977:

COMPUTER NETWORK CORPORATION (COMNET), THE NAVAL SUPPLY SYSTEMS COMMAND (NAVSUP), AND TYMSHARE, INC., HAVE EACH REQUESTED RECONSIDERATION OF OUR DECISION WHICH SUSTAINED TYMSHARE'S PROTEST IN REGARD TO THE AWARD OF A CONTRACT FOR COMPUTER TIMESHARING SERVICES.

OUR DECISION COMPUTER NETWORK CORPORATION ET AL., OF JANUARY 14, 1977, 56 COMP.GEN. 245, 77-1 CPD 31, RECOMMENDED THAT THE NAVY REOPEN NEGOTIATIONS, OBTAIN REVISED PROPOSALS, AND EITHER AWARD A CONTRACT TO TYMSHARE (IF IT BECAME THE SUCCESSFUL OFFEROR) OR MODIFY COMNET'S CURRENT CONTRACT PURSUANT TO ITS FINAL PROPOSAL (IF IT REMAINED THE SUCCESSFUL OFFEROR). THE BACKGROUND FACTS AND CIRCUMSTANCES, WHICH ARE COMPLICATED, ARE SET FORTH IN OUR EARLIER DECISION.

COMNET AND THE NAVY MAINTAIN THAT DECISION REACHED AN ERRONEOUS CONCLUSION ON AN ISSUE INVOLVING THE NAVY'S ACCEPTANCE OF COMNET'S PROPOSAL AS COMPLYING WITH THE COMPUTER SECURITY REQUIREMENTS SET FORTH IN THE REQUEST FOR PROPOSALS (RFP NO. N00600-76-R-5078). COMNET AND THE NAVY CONTEND THAT WE SHOULD REVERSE OUR CONCLUSION ON THIS ISSUE AND WITHDRAW OUR RECOMMENDATION.

TYMSAHRE CONTENDS THAT OUR DECISION WAS CORRECT ON THE COMPUTER SECURITY ISSUE BUT ERRONEOUSLY FOUND THAT TYMSHARE'S PROPOSAL FAILED TO MEET AN RFP REQUIREMENT THAT FIXED PRICES BE OFFERED. TYMSHARE BELIEVES WE SHOULD RECOMMEND A TERMINATION FOR CONVENIENCE OF COMNET'S CONTRACT AND A REINSTATEMENT OF TYMSHARE'S CONTRACT (TYMSHARE WAS THE ORIGINAL AWARDEE UNDER THE RFP; THE NAVY TERMINATED TYMSHARE'S CONTRACT FOR THE CONVENIENCE OF THE GOVERNMENT AND MADE AWARD TO COMNET IN AUGUST 1976 BECAUSE IT BELIEVED COMNET'S PROTEST AGAINST THE AWARD TO TYMSHARE WAS MERITORIOUS).

THE STANDARD TO BE APPLIED IN CONSIDERING THESE REQUESTS IS WHETHER THE REQUESTERS HAVE CONVINCINGLY SHOWN ERRORS OF FACT OR LAW IN OUR EARLIER DECISION. SEE CORBETTA CONSTRUCTION COMPANY OF ILLINOIS, INC., 55 COMP. GEN. 972, 975 (1976), 76-1 CPD 240. DESPITE THE EXTENSIVE WRITTEN SUBMISSIONS BY ALL PARTIES, VERY LITTLE IN THE WAY OF GENUINELY NEW AND MATERIAL INFORMATION HAS SURFACED. WE INTEND TO CONCENTRATE IN THIS DECISION ON THE ISSUES WHICH ARE DISPOSITIVE OF THE REQUESTS FOR RECONSIDERATION.

RECONSIDERATION OF FIXED-PRICE ISSUE

OUR EARLIER DECISION CONCLUDED THAT BECAUSE OF CERTAIN PROVISIONS IN TYMSHARE'S PRICE PROPOSAL, IT FAILED TO OFFER FIXED PRICES AS REQUIRED BY THE RFP. IN THIS REGARD, PARAGRAPH C4 OF TYMSHARE'S PRICE PROPOSAL PROVIDED:

TYMSHARE RESERVES THE RIGHT TO REVISE ITS ALGORITHM DURING THE LIFE OF THE CONTRACT TO REFLECT CHANGES IN HARDWARE COSTS, INFLATIONARY PRESSURES, OPERATING SYSTEM IMPROVEMENTS, ETC. SHOULD AN ALGORITHM CHANGE BE CONSIDERED, AN ANALYSIS OF THE IMPACT OF THESE CHANGES ON NAVY OPERATIONS WILL TAKE PLACE, AND APPROPRIATE NEGOTIATIONS CONDUCTED.

TYMSHARE'S OFFERED PRICES FOR VARIOUS ITEMS OF WORK WERE EXPRESSED IN A DIRECT RELATIONSHIP TO ITS ALGORITHM.

TYMSHARE'S PRINCIPAL ARGUMENT IS THAT THIS LANGUAGE WAS MERELY A "REQUEST" TO THE NAVY FOR THE RIGHT TO ADJUST THE ALGORITHM TO PERMIT TYMSHARE TO CHARGE OTHER CUSTOMERS - NOT THE NAVY - HIGHER PRICES. TYMSHARE POINTS OUT THAT ITS METHOD OF OPERATION GENERALLY CALLS FOR USE OF A SINGLE ALGORITHM, WHICH FUNCTIONS AS A MEASURE OF UNITS OF SERVICE AND PRICE. THUS, THE ARGUMENT RUNS, IF TYMSHARE WAS FORCED TO CHANGE ITS ALGORITHM BECAUSE OF ITS OTHER BUSINESS, IT WOULD NEGOTIATE WITH THE NAVY APPROPRIATE OFFSETTING MATHEMATICAL ADJUSTMENTS IN THE ALGORITHM WHICH WOULD NOT, HOWEVER, AFFECT THE AGREED-UPON CONTRACT PRICES. TYMSHARE CONTENDS THAT ITS COMMITMENT TO CONDUCT ALL APPROPRIATE NEGOTIATIONS WITH THE NAVY EFFECTIVELY RESERVED TO THE NAVY THE "FINAL SAY" ON WHAT CHANGES COULD BE MADE, AND CITES CHEMICAL TECHNOLOGY, INC., B-179674, APRIL 2, 1974, 74-1 CPD 160, FOR THE PROPOSITION THAT ADJUSTMENT IN A PRICE FORMULA WHICH DOES NOT CHANGE THE COST TO THE GOVERNMENT DOES NOT AFFECT THE FIRMNESS OF A PRICE PROPOSAL.

DESPITE TYMSHARE'S SUBSEQUENT EXPLANATIONS AS TO THE MEANING OF THIS PORTION OF ITS PROPOSAL, THE INTENT OF THE PROPOSAL IS BASICALLY TO BE DETERMINED FROM THE PROPOSAL ITSELF. DYNALECTRON CORPORATION ET AL., 54 COMP.GEN. 562, 570 (1975), 75-1 CPD 17; MODIFIED (CORRECTED) BY 54 COMP. GEN. 1009 (1975), 75-1 CPD 341. IN ANY EVENT, THE NAVY'S CONTRACT NEGOTIATOR, IN AN AFFIDAVIT DATED MARCH 11, 1977, STATES THAT PRIOR TO THE AWARD HE NEVER DISCUSSED THIS PORTION OF THE PROPOSAL WITH TYMSHARE.

PARAGRAPH C4 PLAINLY STATES, AT A MINIMUM, THAT TYMSHARE RESERVED THE RIGHT TO ENTER INTO NEGOTIATIONS AFTER AWARD OF A CONTRACT. FURTHER, THE MOST REASONABLE INTERPRETATION OF THE REFERENCES TO "CHANGES IN HARDWARE COSTS," "INFLATIONARY PRESSURES," AND "IMPACT OF THESE CHANGES ON NAVY OPERATIONS" - CONSIDERED TOGETHER WITH THE FACT THAT TYMSHARE'S PROPOSED PRICES WERE DIRECTLY RELATED TO ITS ALGORITHM - IS THAT THE SUBJECT OF THE POST-AWARD NEGOTIATIONS WOULD BE CHANGES IN THE CONTRACT PRICES. ALTERNATIVE INTERPRETATION OF PARAGRAPH C4 IS THAT TYMSHARE RESERVED THE RIGHT TO UNILATERALLY MAKE PRICE CHANGES, WITH THE POST AWARD NEGOTIATIONS BEING LIMITED IN SCOPE TO THE CONSEQUENTIAL EFFECTS OF THE CHANGES ON NAVY OPERATIONS.

IN ANY EVENT, THE INTERPRETATION THAT PARAGRAPH C4 MERELY LEFT OPEN THE OPPORTUNITY FOR POSSIBLE PRICE CHANGES IS ENOUGH TO SUPPORT A CONCLUSION THAT TYMSHARE'S PROPOSAL FAILED TO OFFER FIXED PRICES. IN THIS REGARD, WE NOTE THAT IN FORMALLY ADVERTISED PROCUREMENTS, A BID RESERVING THE RIGHT TO NEGOTIATE MATERIAL TERMS AND CONDITIONS IS A QUALIFIED BID AND MUST BE REJECTED. 42 COMP.GEN. 96 (1962). ALSO, IN APPLIED MANAGEMENT SCIENCES, INC., B-182770, JULY 1, 1975, 75-2 CPD 2, WHERE A BID CONTAINED REFERENCES BOTH TO A FIXED PRICE AND TO NEGOTIATION, THE BID WAS AMBIGUOUS AND WAS PROPERLY REJECTED AS NONRESPONSIVE. IN NEGOTIATED PROCUREMENTS, AS HERE, NEGOTIATION HAS BEEN DEFINED AS ANY OPPORTUNITY TO REVISE OR MODIFY A PROPOSAL. 51 COMP. GEN 479 (1972).

WE BELIEVE IT IS CLEAR THAT BY LEAVING OPEN THE OPPORTUNITY TO EFFECT POST-AWARD CHANGES IN ITS PRICES, TYMSHARE'S PROPOSAL FAILED TO OFFER FIXED PRICES. WHETHER THE NAVY MIGHT HAVE BEEN ABLE TO SUCCESSFULLY REJECT PRICE CHANGES IN THE POST-AWARD NEGOTIATIONS IS IMMATERIAL. THEREFORE, WHERE, AS HERE, IN RFP REQUIRES FIXED PRICES AND A PROPOSAL DOES NOT OFFER FIXED PRICES, THE PROPOSAL AS SUBMITTED CANNOT BE CONSIDERED FOR AWARD. BURROUGHS CORPORATION, 56 COMP.GEN. 142 (1976), 76-2 CPD 472; COMPUTER MACHINERY CORPORATION, 55 COMP.GEN. 1151 (1976), 76-1 CPD 358, AFFIRMED C3, INC., ET AL., B-185592, AUGUST 5, 1976, 76-2 CPD 128. ALSO, TYMSHARE'S RELIANCE ON THE CHEMICAL TECHNOLOGY DECISION IS MISPLACED. IN THAT CASE, A BID WAS FOUND TO BE RESPONSIVE BECAUSE A FIRM EXTENDED PRICE COULD BE ASCERTAINED FROM HOURLY PRICE QUOTES IN THE BID, NOTWITHSTANDING THE BIDDER'S FAILURE TO QUOTE MONTHLY UNIT PRICES AS REQUIRED. IN THE PRESENT CASE, TYMSHARE'S PROPOSAL PRICES ARE NOT FIRM BECAUSE THE PROPOSAL LEFT OPEN THE OPPORTUNITY TO CHANGE THE PRICES AFTER AWARD.

TYMSHARE ALSO CONTENDS, CITING COMPUTER MACHINERY CORPORATION, THAT SINCE THIS WAS A NEGOTIATED PROCUREMENT THE NAVY COULD SIMPLY HAVE REJECTED PARAGRAPH C4 AND MADE AN AWARD BASED UPON THE REMAINDER OF THE PROPOSAL. COMPUTER MACHINERY CORPORATION DOES NOT SUPPORT THIS CONTENTION. THAT DECISION INVOLVED A SITUATION WHERE OFFERORS' PROPOSALS CONTAINED VARIOUS METHODS OF ACQUISITION FOR ADPE, INCLUDING LEASE PLANS. EACH METHOD OR PLAN WAS ESSENTIALLY A SEPARATE AND INDEPENDENT ALTERNATIVE BY WHICH THE GOVERNMENT COULD OBTAIN ADPE. ONE OF THE SUCCESSFUL OFFEROR'S LEASE PLANS WAS UNACCEPTABLE. OUR OFFICE RECOMMENDED THAT THE AGENCY REEVALUATE THE PROPOSALS, EXCLUDING THE UNACCEPTABLE LEASE PLAN. IN THE PRESENT PROCUREMENT, THERE WAS ONLY ONE ACQUISITION METHOD OR PLAN - THE PURCHASE OF COMPUTER TIMESHARING SERVICES AT FIXED PRICES. THE DEFECT IN TYMSHARE'S PROPOSAL COULD NOT BE CURED WITHOUT REOPENING NEGOTIATIONS WITH ALL OFFERORS WITHIN THE COMPETITIVE RANGE.

TYMSHARE NEXT CONTENDS THAT THE NAVY PROCURING ACTIVITY DID DELETE PARAGRAPH C4 OF ITS PROPOSAL IN MAKING THE AWARD, WHICH THE NAVY DENIES. THIS CONTENTION IS BASED ON THE FACT THAT WHILE PARAGRAPH C4 APPEARS IN THE TYMSHARE PROPOSAL, IT DOES NOT APPEAR IN THE STANDARD FORM 26 CONTRACT DOCUMENT.

AS ALREADY NOTED, THIS ALLEGATION, IF TRUE, WOULD MEAN THAT FURTHER NEGOTIATIONS WOULD BE REQUIRED. IN ANY EVENT, WE BELIEVE PARAGRAPH C4 WAS PART OF THE CONTRACT BECAUSE, AS THE NAVY POINTS OUT, ITS ACCEPTANCE OF THE PROPOSAL (CONTAINING PARAGRAPH C4) CONSUMMATED THE CONTRACT. THE RULE IN THIS REGARD IS THAT THE GOVERNMENT'S ACCEPTANCE MAY NOT VARY THE TERMS OF THE OFFER. KENNETH DAVID LTD., B-181905, MARCH 17, 1975, 75-1 CPD 159. WE DO NOT BELIEVE IT IS NECESSARY TO DISCUSS THE NAVY'S EXPLANATION OF HOW PARAGRAPH C4 CAME TO BE DELETED FROM THE STANDARD FORM 26 PRICING SCHEDULE.

RECONSIDERATION OF COMPUTER SECURITY ISSUE

THE RFP ESTABLISHED VARIOUS REQUIREMENTS REGARDING THE PRIVACY ACT OF 1974 (5 U.S.C. SEC. 552A (SUPP. IV, 1974)) AND COMPUTER SECURITY, INCLUDING THE FOLLOWING:

MAIN MEMORY PROTECTION MUST INSURE THE INTEGRITY OF A USER'S AREA DURING OPERATIONS. (RFP SECTION F.VII.A.3(D))

AND

THE PROPOSAL MUST INCLUDE A DETAILED DESCRIPTION OF ALL SECURITY MEASURES AND PROCEDURES. (RFP SECTION F.VII.A.5.)

WITH REFERENCE TO THE MAIN MEMORY PROTECTION REQUIREMENT, OUR EARLIER DECISION HELD:

WE BELIEVE THIS REQUIREMENT IS OPEN TO ONLY ONE REASONABLE INTERPRETATION, NAMELY, THAT AN OFFEROR'S HARDWARE/OPERATION SYSTEM CONFIGURATION MUST INCLUDE "READ" PROTECTION. AFTER REVIEWING COMNET'S PROPOSAL, WE CONCLUDE THAT THE HARDWARE/OPERATING SYSTEM CONFIGURATION IT PROPOSED - THE OS/MVT OPERATING ON THE IBM 360/65 - CANNOT PROTECT AGAINST READ ACCESS TO THE MAIN MEMORY OF THE CPU WITHOUT CONSIDERABLE MODIFICATION. WHILE COMNET'S SUBMISSIONS IN THE PROTEST PROCEEDINGS STATE THAT IT HAS MADE CONSIDERABLE MODIFICATIONS TO THE STANDARD OS/MVT, AFTER REVIEWING THE COMNET PROPOSAL WE DO NOT BELIEVE THE PROPOSAL DEMONSTRATES THAT THE MEMORY PROTECTION REQUIREMENT HAS BEEN MET. BASED UPON THIS AND OUR EXAMINATION OF THE RECORD OF THE NAVY'S TECHNICAL EVALUATION OF PROPOSALS, WE BELIEVE THE NAVY'S ACCEPTANCE OF THE PROPOSAL IN THIS RESPECT LACKED A REASONABLE BASIS, AND AMOUNTED TO AN IMPROPER RELAXATION OF A MATERIAL SECURITY REQUIREMENT WITHOUT AMENDING THE RFP PURSUANT TO ASPR SEC. 3-805.4 TO ALLOW FURTHER COMPETITION ON THE BASIS OF THE RELAXED REQUIREMENT.

IN REACHING THIS CONCLUSION WE UTILIZED THE ASSISTANCE OF TECHNICAL EXPERTS, WHO HAVE AGAIN PARTICIPATED IN OUR CONSIDERATION OF THE REQUESTS FOR RECONSIDERATION.

THERE IS NO DISAGREEMENT CONCERNING OUR INTERPRETATION THAT THE RFP REQUIRED READ PROTECTION. THE ISSUE ON RECONSIDERATION RELATES TO OUR CONCLUSION THAT THE NAVY ACTED UNREASONABLY IN DECIDING TO ACCEPT THE COMNET PROPOSAL DESPITE THE PROPOSAL'S FAILURE TO DEMONSTRATE COMPLIANCE WITH THE REQUIREMENT.

THE MOST SIGNIFICANT ITEM OF EVIDENCE BROUGHT FORWARD DURING THE RECONSIDERATION IS AN AFFIDAVIT DATED JANUARY 28, 1977, BY THE HEAD OF THE NAVY'S TECHNICAL EVALUATION PANEL. THIS AFFIDAVIT STATES IN PERTINENT PART:

1. *** FROM THE OUTSET *** IT WAS THE PANEL'S OPINION THAT THE COMNET PROPOSAL MET SECTION VII.A.3.D. OF THE SOLICITATION WHICH REQUIRED THAT "MAIN MEMORY PROTECTION MUST ENSURE THE INTEGRITY OF A USER'S AREA DURING OPERATIONS."

THIS CONCLUSION WAS BASED ON THE FOLLOWING:

(I) COMNET'S SYSTEM WAS NOT A STANDARD, UNMODIFIED OS/MVT SYSTEM. (WE WERE WELL AWARE THAT THE STANDARD OS/MVT SYSTEM DID NOT MEET THE SECURITY REQUIREMENTS OF THE RFP.)

(II) COMNET'S STATEMENT ON PAGE 54 OF THEIR PROPOSAL THAT "THE COMNET SECURITY SYSTEM, THROUGH THE USE OF THE STORAGE PROTECTION FEATURE INSURES THAT MAIN MEMORY AND DISK STORAGE ARE PROTECTED IN THE AREAS WHERE AUTHORIZATION AND VALIDATION OPERATIONS ARE BEING CONDUCTED, OR WHERE SUCH DATA IS STORED." TO US, "STORAGE PROTECTION" MEANT READ AND WRITE PROTECTION.

(III) COMNET'S STATED CAPABILITY FOR CONVERTING A SYSABEND DUMP TO SYSUDUMPS INDICATED THAT COMNET'S SYSTEM WAS DESIGNED TO PREVENT A USER FROM GETTING A COPY OF INFORMATION CONTAINED IN A PART OF MAIN MEMORY TO WHICH HE WAS NOT AUTHORIZED ACCESS THROUGH A SYSABEND DUMP BY CAUSING HIS PROGRAM TO ABNORMALLY TERMINATE. IF A USER WERE ALLOWED TO OBTAIN A SYSABEND DUMP HE COULD POSSIBLY CIRCUMVENT THE READ PROTECTION PROVIDED BY COMNET'S STORAGE PROTECTION FEATURES. A SYSUDUMP PERMITS USER TO OBTAIN INFORMATION ONLY FROM THE AREA OF MAIN MEMORY IN WHICH HIS PROGRAM IS EXECUTING.

OUR INITIAL CONCLUSION WITH REGARD TO THE ACCEPTABILITY OF COMNET'S SECURITY PROVISIONS WAS REINFORCED BY THE FOLLOWING STATEMENTS IN COMNET'S REVISIONS TO THEIR TECHNICAL PROPOSAL DATED 1 MARCH 1976:

(1) "THE IMPROVED SECURITY AND ACCOUNTING/BILLING SYSTEMS AS DEFINED WITHIN THE PROPOSAL ARE IN FINAL STAGES OF COMPLETION AND TESTING AND WILL BE INSTALLED PRIOR TO THE AWARD OF THIS CONTRACT." (SEE P. 1 OF REVISIONS) (II) "THE DATA MANAGER IS PROTECTED BY COMNET'S STORAGE PROTECTION FEATURE WHICH INSURES THAT MAIN MEMORY AND DISK STORAGE ARE PROTECTED IN THE AREAS WHERE AUTHORIZATION AND VALIDATION OPERATIONS ARE BEING CONDUCTED OR WHERE SUCH DATA ARE STORED." THERE WAS NO DOUBT IN OUR MINDS THAT THIS INCLUDED "READ" PROTECTION, SINCE "READ" PROTECTION WOULD HAVE TO BE PROVIDED TO ADEQUATELY PROTECT PASSWORDS AND SECURITY PROCEDURES IN THE DATA MANAGER'S AREA FROM PERUSAL BY SOMEONE TRYING TO BREAK THE SYSTEM. (SEE P. 5 OF REVISIONS.)

IN VIEW OF THE ABOVE, IT WAS MY OPINION, AS IT WAS THE OPINION OF THE PANEL, THAT COMNET MET THE MEMORY PROTECTION REQUIREMENT OF THE SOLICITATION.

THE FIRST DIFFICULTY IS WITH THE CONCLUSION THAT COMNET'S PROPOSAL OFFERED READ PROTECTION BECAUSE OF ITS REFERENCES TO "STORAGE PROTECTION." NONE OF THE PARTIES HAVE CITED LEGAL PRECEDENT DEFINING EITHER TERM, NOR ARE WE AWARE OF ANY. HOWEVER, THE NAVY DOES CITE ONE TECHNICAL DEFINITION OF STORAGE PROTECTION AS "THE PREVENTION OF ACCESS TO DATA IN STORAGE FOR ANY PURPOSE, SUCH AS READING OR WRITING. (SYNONYMOUS WITH MEMORY PROTECTION.)" WEIK, MARTIN H., STANDARE DICTIONARY OF COMPUTERS AND INFORMATION PROCESSING, HAYDEN BOOK COMPANY, INC.: NEW YORK, 1969.

WE NOTE THAT ANOTHER DEFINITION OF STORAGE PROTECTION IS "A FEATURE WHICH INCLUDES A PROGRAMMED PROTECTION KEY THAT PREVENTS THE READ-IN OF DATA INTO A PROTECTED AREA OF MAIN MEMORY AND THUS PREVENTS ONE PROGRAM FROM DESTROYING ANOTHER." SIPPL, CHARLES J., DATA COMMUNICATIONS DICTIONARY, VAN NOSTRAND REINHOLD COMPANY: NEW YORK, 1976. THIS DEFINITION INDICATES WRITE PROTECTION, BUT DOES NOT CONVEY THAT READ PROTECTION IS AN INTEGRAL PART OF THE TERM STORAGE PROTECTION.

IN THE ABSENCE OF A GENERALLY ACCEPTED AND AUTHORITATIVE DEFINITION OF STORAGE PROTECTION AS INCLUDING READ PROTECTION, WE BELIEVE THE NAVY ACTED UNREASONABLY IN ASSUMING THAT READ PROTECTION WAS BEING OFFERED WHEN THE PROPOSAL SPOKE OF STORAGE PROTECTION.

EVEN ASSUMING THAT COMNET'S PROPOSAL OFFERED READ PROTECTION, THE MORE SERIOUS QUESTION CONCERNS THE DEGREE TO WHICH THE PROPOSAL DEMONSTRATED THAT READ PROTECTION WOULD BE FURNISHED. A NUMBER OF TECHNICAL REASONS CITED IN THE AFFIDAVIT DO NOT SUPPORT THE NAVY'S CONCLUSION THAT THE PROPOSAL ADEQUATELY DEMONSTRATED SATISFACTION OF THE REQUIREMENTS. FOR INSTANCE, PARAGRAPH 1(II) OF THE AFFIDAVIT CITED PAGE 54 OF THE PROPOSAL WHICH REFERS TO A "STORAGE PROTECTION FEATURE." THE TERM IS IN ITSELF MEANINGLESS WITHOUT BEING DEFINED. WITHOUT A DESCRIPTION OF THIS FEATURE, AN ADEQUATE EVALUATION WOULD BE IMPOSSIBLE. FURTHER, THE PROPOSAL'S STATEMENT ONLY INDICATES PROTECTION IN AREAS WHERE AUTHORIZATION OR VALIDATION OPERATIONS ARE BEING CONDUCTED, OR WHERE AUTHORIZATION AND VALIDATION DATA IS STORED. IT DOES NOT INDICATE PROTECTION OF USER AREAS.

HOWEVER, THE NAVY AND COMNET CONTEND THAT THE PROPOSAL'S STATEMENTS CONCERNING CONVERSION OF SYSABEND DUMPS TO SYSUDUMPS SHOWED PROTECTION OF USER AREAS. COMNET, FOR INSTANCE, MAKES MUCH OF ITS PROPOSAL'S STATEMENTS THAT THIS MODIFICATION PERMITS "ONLY USER CORE STORAGE" TO BE DUMPED, AND THAT ANY ATTEMPT TO VIOLATE "THE SECURITY OF THE SYSTEM" WILL RESULT IN ABNORMAL TERMINATION OF THE USER'S JOB. COMNET MAINTAINS THAT THE AFFIDAVIT SHOWS AN ADEQUATE UNDERSTANDING AND EVALUATION OF THESE POINTS ON THE PART OF THE NAVY, SINCE IT RESTATES (IN FUNCTIONAL TERMS" WHAT ACTUALLY OCCURS.

WE AGREE THAT A MODIFICATION TO CONVERT ALL SYSABEND DUMPS TO SYSUDUMPS IS A HIGHLY DESIRABLE SECURITY FEATURE IN A TIMESHARING ENVIRONMENT, AND THAT SUCH CONVERSION PROVIDES A MEASURE OF READ PROTECTION IN THOSE SITUATIONS WHERE DUMPS ARE INVOLVED - I.E., WHERE A USER IS OBTAINING A PRINT-OUT OF INFORMATION STORED IN THE MAIN MEMORY. AS THE AFFIDAVIT STATES, IN A DUMP SITUATION THE MODIFICATION WOULD PERMIT A USER TO OBTAIN INFORMATION ONLY FROM THE AREA OF MAIN MEMORY IN WHICH HIS PROGRAM IS EXECUTING. HOWEVER, THIS CONVERSION OF MODIFICATION ALONE DOES NOT CONSTITUTE FULL READ PROTECTION; IT DOES NOT ENCOMPASS PROTECTION WHICH WOULD PREVENT A USER'S PROGRAM FROM ACCESSING AREAS OF MAIN MEMORY OUTSIDE THE USER'S ASSIGNED SEGMENT. FURTHER, THE AFFIDAVIT INDICATES THE NAVY RELIED ON BARE STATEMENTS IN THE COMNET PROPOSAL AS TO THIS CAPABILITY, WITHOUT OBTAINING ADDITIONAL EVIDENCE THROUGH DOCUMENTATION OR BY DEMONSTRATION PRIOR TO AWARD.

ASIDE FROM THE AFFIDAVIT OF THE TECHNICAL EVALUATION PANEL CHAIRMAN, THE ONLY OTHER CONTEMPORANEOUS EVIDENCE OF THE TECHNICAL EVALUATION IS THE RECORD OF WRITTEN QUESTIONS POSED BY THE NAVY TO COMNET AND COMNET'S ANSWERS, WHICH WE CONSIDERED IN REACHING OUR EARLIER DECISION. THE NAVY DID NOT POSE ANY SPECIFIC QUESTION DEALING WITH THE REQUIREMENT THAT MAIN MEMORY PROTECTION MUST ENSURE THE INTEGRITY OF A USER'S AREA DURING OPERATIONS.

DURING THE RECONSIDERATION OF THIS CASE WE REQUESTED THE NAVY TO FURNISH WHATEVER INTERNAL STANDARDS IT HAS FOR EVALUATION OF TECHNICAL PROPOSALS INVOLVING ADPE WORK OR FOR BENCHMARKING. THE NAVY FURNISHED A PUBLICATION ENTITLED "HANDBOOK FOR PREPARATION OF VENDOR BENCHMARK INSTRUCTIONS," OCTOBER 29, 1976, PUBLISHED BY ITS AUTOMATIC DATA PROCESSING EQUIPMENT SELECTION OFFICE (ADPESCO). THE HANDBOOK STATES AT P. 31:

A FUNCTIONAL DEMONSTRATION VERIFIES THE VENDOR'S ABILITY TO MEET A REQUIREMENT. THE NEED FOR A FUNCTIONAL DEMONSTRATION OFTEN CANNOT BE ESTABLISHED UNTIL THE VENDOR PROPOSALS ARE EVALUATED. *** QUITE OFTEN THE REQUIREMENT FOR A FUNCTIONAL DEMONSTRATION CAN BE SATISFIED THROUGH OTHER SOURCES SUCH AS MORE DETAILED VENDOR DOCUMENTATION, CLARIFICATION OF EXISTING VENDOR DOCUMENTATION OR EXPERIENCE ATTAINED FROM ANOTHER USER ACTIVITY WITH A SIMILAR CONFIGURATION.

FUNCTIONAL DEMONSTRATIONS ARE APPROPRIATE WHEN COMBINATIONS OF THE FOLLOWING EXIST:

A. ASPECTS OF THE VENDOR'S PROPOSAL TO MEET A COMPUTER SYSTEM REQUIREMENT ARE QUESTIONABLE AND OTHER MEANS CANNOT BE FOUND TO ADEQUATELY SUPPORT HIS CLAIMS.

B. THE OBJECTIVE FOR REQUIRING A FUNCTIONAL DEMONSTRATION CAN BE CLEARLY DEFINED. ***

WHILE NO SUGGESTION HAS BEEN MADE THAT THE HANDBOOK ESTABLISHES BINDING LEGAL GUIDELINES, IT DOES SHED SOME LIGHT ON THE EVALUATION STEPS WHICH MAY BE NECESSARY TO RESOLVE QUESTIONABLE TECHNICAL AREAS IN A PROPOSAL. AS INDICATED ABOVE, THOSE STEPS WOULD INVOLVE EITHER THE OBTAINING AND ANALYSIS OF MORE DETAILED TECHNICAL DOCUMENTATION THAN IS CONTAINED IN THE PROPOSAL, OR CONDUCTING A FUNCTIONAL DEMONSTRATION OF MANDATORY SECURITY REQUIREMENTS. WE BELIEVE THAT THE PRESENT ISSUE - THE COMNET PROPOSAL'S DEMONSTRATION OF READ PROTECTION OF MAIN MEMORY - IS PRECISELY THE TYPE OF QUESTIONABLE AREA TO WHICH THE HANDBOOK'S GUIDANCE IS DIRECTED.

OTHER TECHNICAL MATERIALS SUBMITTED BY THE NAVY IN SUPPORT OF ITS POSITION INCLUDE A JANUARY 25, 1977, AFFIDAVIT BY A COMPUTER CONSULTANT. THE SUBSTANCE OF THIS INDIVIDUAL'S VEIWS - THAT THE NAVY HAD A REASONABLE BASIS TO CONCLUDE FROM PAGE 54 OF THE COMNET PROPOSAL THAT READ PROTECTION WAS BEING OFFERED - HAS ALREADY BEEN TREATED ABOVE. MOREOVER, THIS INDIVIDUAL'S CONCLUSIONS WERE REACHED BASED UPON HIS EXAMINATION OF THE COMNET PROPOSAL AFTER OUR JANUARY 14, 1977, DECISION HAD BEEN RENDERED, WHEREAS THE ISSUE INVOLVES THE REASONABLENESS OF THE NAVY'S JUDGMENT DURING THE TECHNICAL EVALUATION OF PROPOSALS IN 1976.

SIMILARLY, SUBSEQUENT TO OUR JANUARY 14, 1977, DECISION NAVSUP AND THE PROCURING ACTIVITY - THE WASHINGTON, D.C. NAVAL REGIONAL PROCUREMENT OFFICE (NRPO) - SOUGHT AN INDEPENDENT TECHNICAL OPINION FROM ADPESO, WHICH WAS NOT OTHERWISE INVOLVED IN THE PROCUREMENT. THE ADPESO EXPERT'S STATEMENT IS ESSENTIALLY CONCLUSORY - FINDINGS THAT COMNET'S "ALPHA" SYSTEM SOLVED THE PROBLEM OF READ PROTECTION - AND DOES NOT ADDRESS THE ISSUE OF HOW THE COMNET PROPOSAL ADEQUATELY DEMONSTRATED THAT READ PROTECTION WOULD BE FURNISHED.

FURTHER, COMNET HAS MADE MANY ARGUMENTS IN SUPPORT OF ITS POSITION. FOR INSTANCE, COMNET, WHILE ADMITTING THAT ITS PROPOSAL DID NOT GO INTO "GREAT DETAIL" ON COMPUTER SECURITY, CONTENDS AT LENGTH THAT NOTHING IN THE RFP REQUIRED ANY "EXHAUSTIVE DISCLOSURE" REGARDING SECURITY. IN VIEW OF THE PLAIN LANGUAGE OF THE RFP TO THE CONTRARY, WE BELIEVE THIS ARGUMENT IS FRIVOLOUS. RFP SECTION D.1.B, P. 16, REQUIRED TECHNICAL PROPOSALS TO BE SUFFICIENTLY DETAILED SO AS TO ENABLE TECHNICAL PERSONNEL TO MAKE A THOROUGH EVALUATION OF THE OFFEROR'S CAPABILITY TO MEET THE STATEMENT OF WORK, AND STATED:

TO THIS END, THE TECHNICAL PROPOSAL SHOULD BE SO SPECIFIC, DETAILED AND COMPLETE AS TO CLEARLY AND FULLY DEMONSTRATE THAT THE OFFEROR HAS A THOROUGH UNDERSTANDING OF THE REQUIREMENT AND THE CAPABILITY TO ACCOMPLISH THE TASK.

AS ALREADY NOTED, RFP SECTION F.VII.A.5 REQUIRED A DETAILED DESCRIPTION OF ALL SECURITY MEASURES AND PROCEDURES. THE LANGUAGE OF THE RFP IN THIS REGARD COULD HARDLY BE LESS EQUIVOCAL.

"IT IS AXIOMATIC IN NEGOTIATED PROCUREMENT THAT AN OFFEROR MUST DEMONSTRATE AFFIRMATIVELY THE MERITS OF ITS PROPOSAL AND THAT SUCH MERIT IS NOT TO BE DETERMINED BY UNQUESTIONED ACCEPTANCE OF THE SUBSTANCE OF THE PROPOSAL." KINTON CORPORATION, B-183105, JUNE 16, 1975, 75-1 CPD 365. THE DEGREE OF DEMONSTRATION REQUIRED WILL VARY DEPENDING ON THE CIRCUMSTANCES OF THE CASE. COMPARE, FOR EXAMPLE, JULIE RESEARCH LABORATORIES, INC., 55 COMP.GEN. 374, 383 (1975), 75-2 CPD 232 (WHERE OFFERORS WERE REQUIRED TO RESPOND TO THE STATEMENT OF WORK ON A PARAGRAPH- BY-PARAGRAPH BASIS TO DEMONSTRATE HOW THE REQUIREMENTS WOULD BE MET) WITH MOXON, INCORPORATED/SRC DIVISION, B-179160, MARCH 13, 1974, 74-1 CPD 134 (WHERE THE RFP STATED EXACT REQUIREMENTS AND OFFERORS WERE NOT REQUESTED TO EXPLAIN THEIR PROPOSALS BY NARRATIVE OR DESCRIPTIVE INFORMATION). THE PRESENT CASE, IT IS ABUNDANTLY CLEAR THAT THE RFP REQUIRED A RATHER THOROUGH DEMONSTRATION IN THE PROPOSAL REGARDING COMPUTER SECURITY. COMNET DID NOT PROVIDE IT.

COMNET NEXT CONTENDS THAT IT DELIBERATELY AND PROPERLY DID NOT PROVIDE IN ITS PROPOSAL DETAILS OF ITS EXTENSIVE, PROPRIETARY ALPHA MODIFICATIONS TO THE OS/MVT OPERATING SYSTEM BECAUSE TO DO SO WOULD HAVE BEEN INHERENTLY SELF-DEFEATING AND WOULD HAVE VIOLATED THE PRINCIPLE THAT DISCLOSURE OF CONFIDENTIAL SECURITY INFORMATION SHOULD BE LIMITED TO THOSE WITH A "NEED TO KNOW." NRPO ITSELF REJECTS THIS ARGUMENT, STATING THAT SUBMISSION OF SECURITY DETAILS WOULD NOT SUBVERT SECURITY PROVIDED THAT PRECAUTIONS WERE TAKEN BY THE NAVY TO PROTECT THE CONFIDENTIALITY OF THE DETAILS. WHERE ADEQUATE SAFEGUARDS ARE TAKEN TO PROTECT AN OFFEROR'S PROPRIETARY INFORMATION AND EVALUATION OF THE INFORMATION IS NECESSARY, AN OFFEROR'S REFUSAL TO PROVIDE IT CAN JUSTIFY REJECTION OF THE OFFEROR'S PROPOSAL. SEE 51 COMP.GEN. 476 (1972). IN ANY EVENT, WE BELIEVE THAT COMNET COULD HAVE PROVIDED AN ADEQUATELY DETAILED DESCRIPTION OF ITS SECURITY METHODS AND PROCEDURES WITHOUT SUBMITTING VOLUMES OF PROPRIETARY INFORMATION.

COMNET FURTHER CONTENDS THAT THE FACT THAT TYMSHARE'S PROPOSAL PROVIDED NO MORE DETAIL ON COMPUTER SECURITY THAN DID COMNET'S SHOWS THAT COMNET PROVIDED A REASONABLE AMOUNT OF DETAIL. WE BELIEVE IT IS UNNECESSARY TO DECIDE WHETHER THE NAVY ACTED REASONABLE IN ACCEPTING TYMSHARE'S PROPOSAL AS BEING ADEQUATELY DETAILED IN REGARD TO COMPUTER SECURITY. IT IS SUFFICIENT TO NOTE THAT TYMSHARE OFFERED A SIGNIFICANTLY DIFFERENT HARDWARE/SOFTWARE CONFIGURATION, AND THAT THE DESCRIPTION OF THIS CONFIGURATION IN TYMSHARE'S PROPOSAL PROVIDED A CLEARER INDICATION OF HOW THE MAIN MEMORY PROTECTION REQUIREMENT WOULD BE MET THAN DID COMNET'S.

COMNET AND NRPO ALSO SUGGEST THAT THE NAVY'S TECHNICAL EVALUATORS HAD SOME FAMILIARITY WITH THE WORKINGS OF COMNET'S ALPHA SYSTEM. COMNET, FOR INSTANCE, STATES THAT THE NAVY "WAS AWARE OF THE DIFFERENCES BETWEEN ALPHA - THE SYSTEM OFFERED - AND THE IBM OS/MVT OPERATING SYSTEM." THE LACK OF READ PROTECTION IN THE OS/MVT IS WELL KNOWN. PRC COMPUTER CENTER, INC., ET AL., 55 COMP.GEN. 60, 91-95 (1975), 75-2 CPD 35. COMNET CONTENDS THAT SINCE IT WAS OFFERING ITS HIGHLY MODIFIED ALPHA SYSTEM AND THE NAVY WAS AWARE OF THE DIFFERENCES, IT WAS REASONABLE FOR THE NAVY TO ACCEPT THE COMNET PROPOSAL.

HOWEVER, SO FAR AS THE RECORD SHOWS, THE EVALUATORS' KNOWLEDGE IN THIS REGARD EXTENDED VERY LITTLE BEYOND THE BARE FACT THAT COMNET HAD MADE OR WAS MAKING VARIOUS "MODIFICATIONS" TO THE OS/MVT WHICH THE COMNET PROPOSAL DID NOT DESCRIBE IN DETAIL. SEE THE AFFIDAVIT OF THE TECHNICAL EVALUATION PANEL CHAIRMAN, SUPRA. SINCE THE COMNET PROPOSAL DID NOT CONTAIN DETAILED INFORMATION AND SINCE THERE IS NO SHOWING THAT ANY EVALUATORS OBTAINED SUCH KNOWLEDGE INDEPENDENTLY OF THE CONTENTS OF THE PROPOSAL, THERE IS NOTHING IN THE RECORD TO SUPPORT A CONCLUSION THAT THE EVALUATORS HAD ACTUAL KNOWLEDGE OF THE DETAILS OF COMNET'S COMPUTER SECURITY METHODS OR OF HOW COMNET WAS TO PROVIDE READ PROTECTION.

IN THIS SAME CONNECTION, NRPO POINTS OUT THAT THE CHAIRMAN OF THE TECHNICAL EVALUATION PANEL "HAD READ THE ALPHA MANUAL AND FACILITIES GUIDE AND HENCE WAS QUITE FAMILIAR WITH THE ALPHA SYSTEM." THE ALPHA USER MANUAL AND THE COMNET FACILITIES GUIDE WERE TWO OF SEVERAL ATTACHMENTS TO THE COMNET PROPOSAL. APPARENTLY DUE TO AN OVERSIGHT, THE ATTACHMENTS WERE NOT SUBMITTED TO OUR OFFICE BY THE NAVY IN ITS REPORTS ON THE PROTESTS. THUS, THESE MATERIALS WERE NOT TAKEN INTO CONSIDERATION BY OUR OFFICE IN REACHING OUR EARLIER DECISION.

THE ALPHA USER MANUAL IS A DOCUMENT WHICH DESCRIBES THE FUNCTIONS AND COMMANDS OF AN EXTENSIVE, REMOTE, CONVERSATIONAL TIMESHARING SUPPLEMENT TO IBM 360/370 SYSTEMS. IT SPECIFICALLY PROVIDES A SIMPLE INTERFACE TO OS/MVT. IT DOES NOT CONTAIN ANY DIRECT TECHNICAL INFORMATION REGARDING THE ALPHA-OS/MVT INTERFACE OR HOW THE PARTS OF THE SYSTEM ARE ORGANIZED AND SUPPORTED. IT DOES NOT HAVE SEPARATE OR EXTENSIVE DISCUSSION OF SECURITY FEATURES, EXCEPT FOR SOME REFERENCES TO THE USE OF PASSWORDS TO PROTECT ACCESS TO DATA SETS AND LIBRARIES. THE BULK OF THE MANUAL IS A DESCRIPTION OF THE SYNTAX AND SEMANTICS OF SOME 46 TERMINAL USER COMMANDS. WE DO NOT BELIEVE THAT RELIANCE ON THIS MANUAL COULD AFFORD A REASONABLE BASIS FOR A CONCLUSION BY THE NAVY THAT COMNET'S PROPOSAL DEMONSTRATED COMPLIANCE WITH THE RFP REQUIREMENTS. SIMILARLY, THE OTHER ATTACHMENTS - A COMNET FACILITIES GUIDE (A MANUAL DESCRIBING THE FUNCTIONS AND USE OF A COMPUTER-BASED TEXT AND DOCUMENT EDITOR) AND IBM OS COBOL MANUAL (A REFERENCE MANAUL FOR AN INTERACTIVE ON-LINE COBOL PROGRAM WRITING DEBUGGING FACILITY) COULD NOT PROVIDE SUCH A BASIS.

THE FAILURE TO FURNISH THESE ATTACHMENTS TO OUR OFFICE DOES NOT, THEREFORE, AFFECT THE OUTCOME OF THIS CASE. HOWEVER, BY LETTER OF TODAY TO THE SECRETARY OF THE NAVY, DISCUSSED INFRA, WE ARE SUGGESTING THAT RESPONSIBLE NAVY OFFICIALS BE REMINDED THAT IT IS IMPERATIVE THAT OUR OFFICE BE FURNISHED COMPLETE REPORTS IN RESPONSE TO PROTESTS.

IT IS SIGNIFICANT ALSO THAT COMNET'S PROPOSAL INDICATED THAT ITS SECURITY MODIFICATIONS WERE INCOMPLETE AT THE TIME THE PROPOSAL WAS SUBMITTED. COMNET ARGUES THAT ALL LEGAL REQUIREMENTS ARE MET AS LONG AS THE SYSTEM WOULD BE OPERATIVE AT THE TIME OF AWARD, CITING OMNUS COMPUTER CORPORATION, B-183298, OCTOBER 9, 1975, 75-2 CPD 216 AND SYCOR, INC., B-180310, APRIL 22, 1974, 74-1 CPD 207. IN OMNUS, HOWEVER, UNLIKE THE PRESENT CASE, THE AGENCY HAD A REASONABLE BASIS TO CONCLUDE FROM THE SUCCESSFUL OFFEROR'S TECHNICAL PROPOSAL THAT THE PROPOSED SYSTEM HAD THE CAPABILITY OF PERFORMING IN ACCORDANCE WITH THE SPECIFICATIONS. SIMILARLY, SYCOR, WHERE A SUCCESSFUL OFFEROR WAS GIVEN A FEW DAYS TO CORRECT MINOR OVERSIGHTS IN ITS LIVE TEST DEMONSTRATION - WHICH DID NOT ALTER OR MODIFY THE OFFERER'S PROPOSAL - IS NOT GOOD AUTHORITY FOR THE CONTENTION ADVANCED BY COMNET. THAT A SUCCESSFUL OFFEROR WOULD NOT BE REQUIRED TO PUT A CONFORMING SYSTEM INTO OPERATION UNTIL THE TIME OF AWARD DOES NOT EXCUSE THE FAILURE TO SUBMIT A PROPOSAL ADEQUATELY DEMONSTRATING THAT A CONFORMING SYSTEM WOULD BE FURNISHED.

COMNET ALSO SUGGESTS THAT WHETHER IT WOULD FURNISH READ PROTECTION IS A QUESTION OF RESPONSIBILITY, NOT A QUESTION AS TO THE TECHNICAL ACCEPTABILITY OF ITS PROPOSAL, CITING UNITED COMPUTING CORPORATION, B-181736, JANUARY 16, 1975, 75-1 CPD 23. THAT CASE INVOLVED A QUESTION OF RESPONSIBILITY AS TO WHETHER AN OFFEROR POSSESSED SOFTWARE IT HAD PROMISED TO FURNISH IN ACCORDANCE WITH CERTAIN SPECIFICATIONS. HOWEVER, THE TERMS OF THE PRESENT RFP INDICATE THAT WHETHER A PROPOSAL DEMONSTRATED SATISFACTION OF COMPUTER SECURITY REQUIREMENTS WAS A QUESTION RELATING TO THE TECHNICAL ACCEPTABILITY OF THE PROPOSAL. THE COMPUTER SECURITY REQUIREMENTS IN SECTION VII OF THE RFP SCHEDULE ARE NOT PHRASED IN TERMS OF RESPONSIBILITY. FURTHER, UNDER THE SEQUENCE OF EVENTS ESTABLISHED IN THE RFP, THE TECHNICAL EVALUATION OF PROPOSALS' COMPLIANCE WITH THE REQUIREMENTS PRECEDED THE SUBMISSION OF PRICE PROPOSALS, WHICH IN TURN PRECEDED CONSIDERATION OF A SUCCESSFUL OFFEROR'S RESPONSIBILITY AS A PROSPECTIVE CONTRACTOR. IN ACCORDANCE WITH THIS SCHEME, AFTER NRPO HAD EVALUATED THE TECHNICAL PROPOSALS, IT ADVISED COMNET AND TYMSHARE THAT THEIR PROPOSALS WERE TECHNICALLY ACCEPTABLE - NOT THAT THEY HAD BEEN DETERMINED TO BE RESPONSIBLE PROSPECTIVE CONTRACTORS.

COMNET NEXT CONTENDS THAT ITS SYSTEM IS CURRENTLY PROVIDING READ PROTECTION DURING THE PERFORMANCE OF THE CONTRACT, CITING AS EVIDENCE A TEST OF THE SYSTEM CONDUCTED BY NRPO ON JANUARY 24, 1977. WHILE IT IS NOT ALLEGED THAT THE TEST ENCOMPASSED A COMPREHENSIVE DEMONSTRATION OF THE SECURITY OF THE ENTIRE SYSTEM, COMNET AND NRPO MAINTAIN IT DID SHOW THAT READ PROTECTION IS IN EFFECT.

WE DO NOT SEE THE RELEVANCE OF THIS ARGUMENT. THE ISSUE TREATED IN OUR EARLIER DECISION INVOLVED THE REASONABLENESS OF THE NAVY'S JUDGMENT IN EVALUATING THE COMNET PROPOSAL AND DECIDING THAT IT ADEQUATELY DEMONSTRATED SATISFACTION OF THE MAIN MEMORY PROTECTION REQUIREMENTS. THIS ISSUE RELATES TO THE PROPRIETY OF THE AWARD, NOT TO CONFORMANCE WITH THE REQUIREMENTS OR ACTUAL SATISFACTION OF THE GOVERNMENT'S NEEDS AFTER AWARD. SEE THE DISCUSSION OF THIS POINT IN CORBETTA, SUPRA, AT 975-976.

COMNET ATTEMPTS TO DISTINGUISH CORBETTA ON THE GROUNDS THAT THE SUCCESSFUL OFFEROR IN THAT CASE HAD MADE ONLY A BLANKET OFFER OF COMPLIANCE WITH THE REQUIREMENTS, WHEREAS HERE COMNET SPECIFICALLY OFFERED TO MEET THE REQUIREMENTS. HOWEVER, AS ALREADY NOTED, WE DO NOT BELIEVE THE NAVY HAD A REASONABLE BASIS TO CONCLUDE THAT THE COMNET PROPOSAL EVEN OFFERED FULL READ PROTECTION. IN ANY EVENT, WE THINK THE DISTINCTION IS UNSOUND. WHETHER THE CONTRACT WAS PROPERLY AWARDED IS NOT DEPENDENT ON HOW THE CONTRACT IS BEING PERFORMED, BUT UPON WHETHER THE AWARD IS LEGALLY SUPPORTABLE. KENNETH DAVID LTD., SUPRA; INSTRUMENTATION MARKETING CORPORATION, B-182347, JANUARY 28, 1975, 75-1 CPD 60.

WHETHER READ PROTECTION IS NOW IN EFFECT MAY HAVE SOME RELEVANCE TO THE TYPE OF REMEDY RECOMMENDED BY OUR OFFICE WHERE AN IMPROPER AWARD HAS BEEN FOUND. SEE THE DISCUSSION INFRA.

OUR EARLIER DECISION CONCLUDED THAT THE NAVY LACKED A REASONABLE BASIS IN DETERMINING THAT THE COMNET PROPOSAL DEMONSTRATED COMPLIANCE WITH REQUIREMENT THAT MAIN MEMORY PROTECTION MUST ENSURE THE INTEGRITY OF A USER'S AREA DURING OPERATIONS (I.E., READ PROTECTION). AFTER RECONSIDERATION, IT IS OUR VIEW THAT THE NAVY COULD NOT REASONABLY DETERMINE FROM THE COMNET PROPOSAL WHETHER FULL READ PROTECTION WAS BEING OFFERED AND HOW IT WOULD BE PROVIDED. ACCORDINGLY, OUR EARLIER DECISION'S CONCLUSION HAS NOT BEEN SHOWN TO BE ERRONEOUS.

RECONSIDERATION OF RECOMMENDATION

IN VIEW OF THE FOREGOING, OUR EARLIER DECISION HAS NOT BEEN SHOWN TO BE ERRONEOUS IN FACT OF LAW, AND WE BELIEVE THAT THE DECISION'S RECOMMENDATION THAT THE NAVY REOPEN NEGOTIATIONS WAS CORRECT AT THE TIME IT WAS MADE.

HOWEVER, COMNET'S, TYMSHARE'S, AND THE NAVY'S REQUESTS FOR RECONSIDERATION HAVE CONSUMED A SUBSTANTIAL AMOUNT OF TIME. FROM JANUARY 28, 1977, THROUGH APRIL 1977, THE THREE PARTIES HAVE MADE MULTIPLE WRITTEN SUBMISSIONS IN SUPPORT OF THEIR RESPECTIVE POSITIONS. THE COMNET CONTRACT EXPIRES ON JUNE 14, 1977. THEREFORE, IT APPEARS THAT REOPENING NEGOTIATIONS AT THIS POINT IN TIME IS NOT A VIABLE AND PRACTICABLE REMEDY.

THE COMNET CONTRACT PROVIDES FOR TWO OPTION YEARS. IN THIS REGARD, COMNET AND THE NAVY - CITING MANLOADING & MANAGEMENT ASSOCIATES, INC. V. UNITED STATES, 461 F.2D 1299, 198 CT.CL. 628 (1972) - ASSERT THAT FAILURE TO EXERCISE THE OPTIONS COULD RESULT IN THE GOVERNMENT'S INCURRING TERMINATION FOR CONVENIENCE COSTS. COMNET MAINTAINS THAT THE GOVERNMENT MIGHT BE LIABLE TO THE EXTENT OF ABOUT $1,700,000, AND NRPO STATES THAT LIABILITY COULD EXCEED $1,000,000.

THE MANLOADING CASE INVOLVED THE AWARD OF A CONTRACT FOR DATA CONVERSION WORK, THE TOTAL VOLUME OF WHICH WOULD TAKE TWO YEARS; THE TERM OF THE CONTRACT WAS ONLY A FEW WEEKS BUT IT PROVIDED THE TWO OPTION YEARS. AT A PREBID CONFERENCE, PROSPECTIVE BIDDERS WERE TOLD THAT FUNDS WERE AVAILABLE AND THAT THERE WAS "NO QUESTION" THAT THE OPTION FOR THE FIRST YEAR WOULD BE EXERCISED. DUE TO A PROTEST DECISION OF OUR OFFICE WHICH RECOMMENDED A RESOLICITATION, THE GOVERNMENT DID NOT EXERCISE THE FIRST OPTION YEAR. THE COURT OF CLAIMS HELD THAT THE DOCTRINE OF EQUITABLE ESTOPPEL EFFECTIVELY RESULTED IN AN AMENDMENT WHICH RENEWED THE CONTRACT, AND THAT THE CONTRACTOR WAS ENTITLED TO RECOVER IN ACCORDANCE WITH THE TERMINATION FOR CONVENIENCE CLAUSE OF THE CONTRACT.

COMNET AND THE NAVY BELIEVE MANLOADING APPLIES HERE BECAUSE OF THE FOLLOWING QUESTION BY A PROSPECTIVE OFFEROR AT THE PREPROPOSAL CONFERENCE AND THE NAVY'S ANSWER, WHICH WAS CONTAINED IN RFP AMENDMENT 0002:

Q. OTHER THAN AN EARLIER IMPLEMENTATION OF YOUR PLANNED IN-HOUSE SYSTEM IN NEW ORLEANS, ARE THERE OTHER EVENTUALITIES WHICH MIGHT CAUSE NON- RENEWAL? IF YES, WHAT ARE THEY? (CSC)

A. NONE, OTHER THAN THOSE NORMALLY ASSOCIATED WITH YEAR-TO-YEAR FUNDING.

THIS FALLS CONSIDERABLY SHORT OF THE UNEQUIVOCAL ASSURANCE GIVEN BY THE GOVERNMENT IN THE MANLOADING CASE. THERE ARE MANY EVENTUALITIES NORMALLY ASSOCIATED WITH YEAR-TO-YEAR FUNDING. FUNDS MIGHT BE CUT OFF, SUBSTANTIALLY REDUCED, OR SUBSTANTIALLY INCREASED; THE NAVY MIGHT DECIDE TO DO THE WORK IN-HOUSE, OR TO COMBINE IT IN A NEW PROCUREMENT WITH WORK WHICH HAD THERETOFORE BEEN PROCURED SEPARATELY. IT IS INTERESTING TO NOTE IN THIS REGARD THAT NRPO AND COMNET MUTUALLY AGREED THAT THE TERM OF THE COMNET CONTRACT WOULD BE LIMITED TO THE PERIOD FROM AUGUST 19, 1976, TO JUNE 14, 1977 - RATHER THAN ONE FULL YEAR - BECAUSE OF NAVY "BUDGETARY CONSTRAINTS."

ALSO, AMONG THE MANY OTHER FACTORS DISTINGUISHING THE PRESENT CASE FROM MANLOADING, IT IS SIGNIFICANT THAT THERE WAS APPARENTLY NO FAULT OR ERROR ON THE PART OF MANLOADING IN SUBMITTING ITS BID; THE ERROR WAS ON THE PART OF THE GOVERNMENT IN ISSUING A DEFECTIVE SOLICITATION. IN THE PRESENT CASE, WHILE THERE HAVE BEEN ERRORS BY THE NAVY IN CONDUCTING THE PROCUREMENT, THERE WAS ALSO A FAILURE BY COMNET TO PROVIDE SUFFICIENT DETAIL IN ITS PROPOSAL ON COMPUTER SECURITY. THEREFORE, UNLIKE MANLOADING THERE IS SOME DOUBT THAT COMNET HAD THE "CLEAN HANDS" NECESSARY TO OBTAIN EQUITABLE RELIEF.

FOR THE FOREGOING REASONS, WE SEE NO DIFFICULTY SHOULD THE NAVY DECLINE TO EXERCISE THE OPTIONS IN THE COMNET CONTRACT. ALSO, NON EXERCISE OF THE OPTIONS IS AN APPROPRIATE PROTEST REMEDY WHERE REOPENING OF NEGOTIATIONS IS NOT PRACTICABLE.

COMNET AND NRPO, HOWEVER, APPARENTLY BELIEVE THAT NO RECOMMENDATION FOR A REMEDY WOULD BE APPROPRIATE IN THIS CASE IN VIEW OF THE FACT THAT NRPO'S SECURITY TEST ON JANUARY 24, 1977, ESTABLISHED THAT READ PROTECTION IS IN EFFECT DURING CONTRACT PERFORMANCE. ALSO, COMNET AND NRPO SUGGEST THAT ANY LACK OF DETAIL IN THE COMNET PROPOSAL ON COMPUTER SECURITY DID NOT PREJUDICE TYMSHARE.

IN THIS REGARD, THERE IS SOME AUTHORITY FOR THE PROPOSITION THAT EVEN IF A PROPOSAL IS DEFICIENT IN SOME WAY, THE AWARD WILL NOT NECESSARILY BE DISTRUBED IF CONTRACT PERFORMANCE COMPLIES WITH THE RFP REQUIREMENTS. SEE, FOR EXAMPLE, I SYSTEMS INC., B-186513, JANUARY 27, 1977, 77-1 CPD 65. THERE WE FOUND MERIT IN THE PROTESTER'S ARGUMENT THAT THE SUCCESSFUL PROPOSAL DID NOT PROVIDE CLEAR COMMITMENTS FROM CERTAIN PROSPECTIVE EMPLOYEES OF THE CONTRATOR. HOWEVER, THE INDIVIDUALS DID IN FACT BECOME EMPLOYEES DURING CONTRACT PERFORMANCE, AND WE DECLINED TO DISTURB THE AWARD.

WE HAVE REVIEWED THE INFORMATION IN THE RECORD CONCERNING THE JANUARY 24, 1977 SECURITY TEST. WE BELIEVE THE TEST DID DEMONSTRATE THAT SOME FORM OF READ PROTECTION IS IN EFFECT. HOWEVER, THE TEST WAS RATHER SIMPLE AND DID NOT DISCLOSE HOW READ PROTECTION WAS IMPLEMENTED, OR THE ADEQUACY OF THE PROTECTION FEATURE. WE DO NOT BELIEVE THAT NRPO'S TEST CONSTITUTES AN ADEQUATE BASIS FOR DETERMINING THAT MAIN MEMORY PROTECTION MUST ENSURE THE INTEGRITY OF A USER'S AREA DURING OPERATIONS.

ALSO, AT COMNET'S REQUEST, GAO REPRESENTATIVES VISITED ITS WASHINGTON, D.C., FACILITY ON APRIL 26, 1977, FOR THE PURPOSE OF ALLOWING COMNET TO DISPLAY INTERNAL COMPANY DOCUMENTS DEALING WITH ITS COMPUTER SECURITY. THIS VISIT WAS NOT AN EX PARTE CONFERENCE ALLOWING COMNET TO MAKE ARGUMENTS IN SUPPORT OF ITS REQUEST FOR RECONSIDERATION, NOR WAS IT A COMPREHENSIVE ON-SITE AUDIT REVIEW OF COMNET'S SECURITY.

FROM THIS VISIT WE ASCERTAINED THAT BOTH HARDWARE AND SOFTWARE MODIFICATIONS HAD BEEN MADE TO THE COMNET SYSTEM. SOME OF THE HARDWARE MODIFICATIONS APPARENTLY WERE NOT COMPLETED UNTIL THE TIME COMNET BEGAN PERFORMANCE OF ITS CONTRACT, I.E., AROUND OCTOBER 1976. WE ALSO ASCERTAINED THAT A FORM OF "FETCH PROTECTION" IS CURRENTLY EMPLOYED IN THE COMNET SYSTEM DEDICATED TO NAVY USE. FETCH PROTECTION IS DEFINED IN THE DATA COMMUNICATIONS DICTONARY, SUPRA, AS "A STORAGE PROTECTION FEATURE THAT DETERMINES RIGHT OF ACCESS TO MAIN STORAGE BY MATCHING A PROTECTION KEY, ASSOCIATED WITH A FETCH REFERENCE TO MAIN STORAGE, WITH A STORAGE KEY, ASSOCIATED WITH EACH BLOCK OF MAIN STORAGE. SEE ALSO STORAGE PROTECTION." FOR THE PURPOSES OF OUR PRESENT DISCUSSION, THE FETCH PROTECTION CAN BE CONSIDERED SYNONYMOUS WITH READ PROTECTION. HOWEVER, AS ALREADY NOTED, THE SCOPE OF OUR REVIEW OF THIS MATTER DID NOT INCLUDE THE COMPLETENESS AND RELIABILITY OF THE MODIFICATIONS TO THE COMNET SYSTEM; RATHER, IT WAS LIMITED TO THE QUESTION OF WHETHER THE COMNET SYSTEM HAD THE ABILITY TO SUPPORT FETCH PROTECTION.

COMNET CONTENDS THAT ANY DOUBTS AS TO THE ADEQUACY OF ITS CONTRACT PERFORMANCE MUST BE RESOLVED BY A GAO TEST OF ITS COMPUTER SECURITY. DISAGREE. WE HAVE OFTEN POINTED OUT THAT THE ADEQUACY OF A CONTRACTOR'S PERFORMANCE IS A MATTER OF CONTRACT ADMINISTRATION, WHICH IS THE FUNCTION OF THE CONTRACTING AGENCY, NOT OUR OFFICE. SEE, FOR EXAMPLE, CORBETTA, SUPRA, AT 987. MOREOVER, WE BELIEVE IT IS INCUMBENT UPON THE PARTIES REQUESTING RECONSIDERATION TO BEING FORWARD THE INFORMATION AND EVIDENCE NECESSARY TO SUBSTANTIATE THEIR CASE. SEE, IN THIS REGARD, HOUSTON FILMS, INC. (RECONSIDERATION), B-184402, JUNE 16, 1976, 76-1 CPD 380; ALLEN & VICKERS, INC., 54 COMP.GEN. 1100 (1975), 75-1 CPD 399.

FURTHER, EVEN IF IT WAS ESTABLISHED THAT COMNET'S SECURITY IS COMPLETELY IN COMPLIANCE WITH THE RFP REQUIREMENTS, WE DO NOT BELIEVE THAT IT WOULD BE APPROPRIATE FOR OUR OFFICE TO FOREGO A RECOMMENDATION FOR CORRECTIVE ACTION IN THIS CASE. WE BELIEVE THE IMPORTANCE OF THE PRIVACY ACT AND RELATED COMPUTER SECURITY REQUIREMENTS CALL FOR A RECOMMENDATION THAT THE OPTIONS IN THE CURRENT CONTRACT NOT BE EXERCISED. CONCLUSION

OUR EARLIER DECISION IS AFFIRMED AS BEING CORRECT AT THE TIME IT WAS MADE.

DUE SOLELY TO THE AMOUNT OF TIME CONSUMED BY THE REQUESTS FOR RECONSIDERATION, WE NOW MAKE THE FOLLOWING RECOMMENDATION: INSTEAD OF REOPENING NEGOTIATIONS, THE NAVY SHOULD NOT EXERCISE THE OPTION YEARS PROVIDED FOR IN THE COMNET CONTRACT, AND SHOULD RESOLICIT ON A COMPETITIVE BASIS ANY REQUIREMENT IT MAY HAVE FOR THESE SERVICES AFTER THE EXPIRATION OF COMNET'S CONTRACT ON JUNE 14, 1977.

BY LETTER OF TODAY, WE ARE ADVISING THE SECRETARY OF THE NAVY OF THIS CHANGE IN OUR RECOMMENDATION FOR CORRECTIVE ACTION, AND ALSO THAT THE CHANGE DOES NOT AFFECT THE NAVY'S OBLIGATION TO FURNISH WRITTEN STATEMENTS TO THE CONGRESSIONAL COMMITTEES REFERENCE IN SECTION 236 OF THE LEGISLATIVE REORGANIZATION ACT OF 1970, 31 U.S.C. SEC. 1176 (1970), CONCERNING THE ACTION TAKEN WITH RESPECT TO OUR RECOMMENDATION.