More Whistleblower Suits Filed Than Ever Before: The False Claims Act in 2024
As in recent years, the False Claims Act (FCA) continued to serve as a tool utilized by the federal government against government contractors in 2024. The government collected more than $2.9 billion as a result of 558 FCA settlements and judgments. Although procurement fraud was not as large a driver of the government’s recoveries as it has been in prior years, matters involving the military’s purchase of goods and services, including allegations related to the procurement process, failing to comply with contract requirements, and paying kickbacks have and will continue to be a significant concern for the government. In addition, the government’s effort to root out COVID-19-related fraud resulted in more than 250 FCA settlements and judgments, and the government collecting more than $250 million. To keep you apprised of the current enforcement trends and the status of the law, Bradley’s Government Enforcement & Investigations Practice Group is pleased to present the False Claims Act: 2024 Year in Review, our 13th annual review of significant FCA cases, developments, and trends.
Listen to this post
Netflix Content Becomes Federal Evidence: EDNY’s OneTaste Prosecution Faces Scrutiny Amid DOJ Transition
Recent developments in the Eastern District of New York’s prosecution of wellness company OneTaste in U.S. v. Cherwitz have raised novel questions about the intersection of streaming content and criminal evidence.1 Defense motions filed in December of 2024 and January 2025 challenge the government’s use of journal entries originally created for a Netflix documentary as key evidence in its forced labor conspiracy case. This occurs during a sea change in DOJ priorities entering a new presidential administration.
After a five-year investigation, EDNY prosecutors in April of 2023 filed a single-count charge of forced labor conspiracy against OneTaste founder Nicole Daedone and former sales leader Rachel Cherwitz. The government alleges the conspiracy unfolded over a fourteen-year span, but in a prosecutorial first did not charge a substantive crime. Over the course of the prosecution, the defendants filed repeated motions with the court asking it to order the government to specify the nature of the offense. Most recently, Celia Cohen, newly appointed defense counsel for Rachel Cherwitz, highlighted in a January 18 motion the case’s unusual nature: “The government has charged one count of a forced labor conspiracy…without providing any critical details about the force that occurred and how it specifically induced any labor.”
In recent defense filings, the prosecution has faced mounting scrutiny over the authenticity of journal entries attributed to key government witness Ayries Blanck. Prosecutors had previously moved in October of 2024 for the court to admit the journal entries as evidence at trial for their case in chief. In a December 30 motion, Jennifer Bonjean, defense counsel for Nicole Daedone revealed that civil discovery exposes that the journal entries presented by the government as contemporaneous accounts from 2015 were actually created and extensively edited for Netflix’s 2022 documentary “Orgasm Inc” on OneTaste.
“Through metadata and edit histories, we can watch entertainment become evidence,” Bonjean argued in her motion. Technical analysis from a court-ordered expert showed the entries underwent hundreds of revisions by multiple authors, including Netflix production staff, before being finalized in March 2023 – just days before a sealed indictment was filed against defendants Cherwitz and Daedone. The defense has argued that this Netflix content was presented to the grand jury to secure an indictment.
The government’s handling of these journal entries took a dramatic turn during a January 23 meet-and-confer session. After defense counsel challenged the authenticity of handwritten journals matching the Netflix content, prosecutors abruptly withdrew them from their case-in-chief. While maintaining the journals’ legitimacy, this retreat from evidence previously characterized as central to their case prompted new defense challenges.
“This prosecution is a house of cards,” argued defense counsel Celia Cohen and Michael Roboti of Ballard Spahr in a January 24 motion to dismiss. Cohen and Roboti, who joined Rachel Cherwitz’s defense team earlier this month, highlighted how the government’s withdrawal of the handwritten journals “exemplifies the serious problems with this prosecution.” Their motion notes that defense witnesses in a parallel civil case have exposed government witnesses as “perjurers” who “have received significant benefits from the government and from telling their ‘stories’ in the media.”
The matter came to head during a January 24 hearing before Judge Diane Gujarati, who had previously denied prosecutors’ request to grant anonymity to ten potential witnesses. When Cohen attempted to address unresolved issues regarding the journals, she was sharply rebuked by the court, which had indicated it would not address the new filing during the scheduled hearing. Gujarati stated that she did not intend to schedule any further conferences before trial. The trial date is scheduled for May 5, 2025.
The case’s challenges coincide with significant changes at DOJ and EDNY under the new Trump administration. EDNY Long Island Division Criminal Chief John J. Durham was sworn in as Interim U.S. Attorney for EDNY on January 21, following former U.S. Attorney Breon Peace’s January 10 resignation. Peace spearheaded the OneTaste prosecution. Durham will serve until the Senate confirms President Trump’s nominee, Nassau County District Court Judge Joseph Nocella Jr.
The timing is particularly significant given President Trump’s January 20 executive order “Ending The Weaponization of The Federal Government.” The order specifically cites the EDNY prosecution of Douglass Mackey as an example of “third-world weaponization of prosecutorial power.” This reference carries special weight as EDNY deployed similar strategies in both the Mackey and Cherwitz cases – single conspiracy charges without substantive crimes, supported by media narratives rather than traditional evidence.
As Durham takes the helm at EDNY, this case presents an early test of how the office will handle prosecutions that blend entertainment with evidence, and whether novel theories of conspiracy without specified crimes will survive increased scrutiny under new leadership. The transformation of Netflix content into federal evidence may face particular challenges as the Attorney General reviews law enforcement activities of the prior four years under the new executive order’s mandate.
The government’s position faces further scrutiny as mainstream media begins to question its narrative. A January 24 Wall Street Journal profile by veteran legal reporter Corinne Ramey presents Daedone as a complex figure whose supporters call her a “visionary,” while examining the unusual nature of prosecuting wellness education as forced labor. The piece’s headline – “She Made Orgasmic Meditation Her Life. Not Even Prison Will Stop Her” – captures both the prosecution’s gravity and Daedone’s unwavering commitment to her work despite federal charges.
1 U.S. v. Cherwitz, et al., No. 23-cr-146 (DG).
Human Trafficking Monitoring for Telehealth Providers
Overview: Telehealth providers are uniquely positioned to monitor for human trafficking when interacting with patients. Survivor records indicate that health services are among the most common points of access to help trafficked persons, and nearly 70% of human trafficking survivors report having had access to health services at some point during their exploitation. While there’s limited data regarding trafficked persons’ use of telehealth services, empirical evidence demonstrates that a greater proportion of trafficked persons completed telehealth appointments during the early period of the COVID-19 pandemic than pre-pandemic. To enable telehealth providers to assist trafficked patients, this article discusses the legal landscape surrounding human trafficking and lays out best practices for telehealth providers.
Background: Telehealth providers are subject to a patchwork of legal requirements aimed at reducing human trafficking. If the patient is under the age of 18 or is disabled, many states require telehealth providers to report instances in which they know or reasonably believe the patient has experienced or is experiencing abuse, mistreatment, or neglect. Some states, such as Florida and New Jersey, also require telehealth providers partake in anti-trafficking education.
Online platforms that offer telehealth services are also subject to federal legislation regarding sex trafficking monitoring. In 2018, US Congress passed the Allow States and Victims to Fight Online Trafficking Act of 2017 (FOSTA). The law was enacted primarily in response to unsuccessful litigation against Backpage.com, a website accused of permitting and even assisting users in posting advertisements for sex trafficking. Before FOSTA’s enactment, Section 230 of the Communications Decency Act essentially shielded online platforms from liability for such conduct. FOSTA, however, effectively created an exception to Section 230 by establishing criminal penalties for those who promote or facilitate sex trafficking through their control of online platforms. These penalties, generally limited to a fine, imprisonment of up to 10 years, or both, may be heightened for aggravated violations, which are violations involving reckless disregard of sex trafficking or the promotion or facilitation of prostitution of five or more people. State attorneys general and, in cases of aggravated violations, injured persons also may bring civil actions against those who control online platforms in violation of the law.
Since FOSTA’s inception, the US Department of Justice (DOJ) has brought at least one criminal charge under the law. In 2021, after being charged by DOJ, the owner of the online platform CityXGuide.com pleaded guilty to one count of promotion of prostitution and reckless disregard of sex trafficking, a violation of FOSTA’s aggravated violations provision. According to DOJ officials, more charges have not been brought under FOSTA because the law is relatively new and federal prosecutors have had success prosecuting those who control online platforms by bringing racketeering and money laundering charges. Nonetheless, it is possible that prosecutors will pursue FOSTA violations more regularly during the Trump administration, particularly because US President Donald Trump signed it into law during his first term in office, calling it “crucial legislation.”
Best Practices for Telehealth Providers
Telehealth providers and online platforms that offer telehealth services should consider adhering to the following best practices when monitoring for human trafficking:
Complete Anti-Trafficking Training. Telehealth providers should complete an anti-trafficking training or educational program on a regular basis, regardless of whether they are legally required to do so. One such program is the US Department of Health and Human Services’ Stop, Observe, Ask, and Respond (SOAR) to Health and Wellness Training program. Telehealth providers may attend SOAR trainings in person or online and, depending on the program, may receive continuing education credit for their participation.
Implement a Referral Network. Prior to monitoring patients, telehealth providers should prepare a comprehensive referral list with detailed procedures for assisting identified individuals who have been trafficked or are vulnerable to trafficking. Referral lists should help patients access services that meet various immediate, intermediate, and long-term needs. Referral lists also should include information about how to connect with both national and local anti-trafficking resources.
Be Aware of Indicators of Human Trafficking for Adults. The National Human Trafficking Training and Technical Assistance Center has developed indicators of adult human trafficking. Indicators that may arise during a telehealth visit include instances where:
The patient is not in control of personal identification or does not have valid identification as part of the visit
The patient does not know where they live (or their geolocation does not match their stated location)
The patient’s story does not make sense or seems scripted
The patient seems afraid to answer questions
The patient appears to be looking at an unidentified person offscreen after speaking
The patient’s video background appears to be an odd living or work space (may include tinted windows, security cameras, barbed wire, or people sleeping or living at worksite)
The patient exhibits or indicates signs of physical abuse, drug or alcohol misuse, or malnourishment.
Be Aware of Indicators of Human Trafficking for Children. Indicators of human trafficking for children often differ from those for adults. The National Center for Missing & Exploited Children (NCMEC) has issued a list of risk factors useful for identifying possible indicators of child sex trafficking. Although NCMEC cautions that no single indicator can accurately identify a child as a sex trafficking victim, the presence of multiple factors increases the likelihood of identifying victims. Indicators that may arise during a telehealth visit include the following:
The child avoids answering questions or lets others speak for them
The child lies about their age and identity or otherwise responds to the provider in a manner that doesn’t align with their telehealth profile or account information
The child appears to be looking at an unidentified person offscreen after speaking
The child uses prostitution-related terms, such as “daddy,” “the life,” and “the game”
The child has no identification (or their identification is held by another person)
The child displays evidence of travel in their video background (living out of suitcases, at motels, or in a car)
The child references traveling to cities or states that do not match their geolocation
The child has numerous unaddressed medical issues.
Fraud Section’s 2024 Year in Review Shows Enforcement Uptick
The Fraud Section of the U.S. Department of Justice’s Criminal Division published its Year in Review last month, which showed an uptick for white collar enforcement in foreign corruption, financial and health care fraud. The enforcement affected a range of industries including telecommunications, defense contracting, software services, aviation, consulting, and financial services. Below we highlight the enforcement trends and identify our key takeaways for 2025.
Foreign Corruption
DOJ resolved eight criminal corporate cases and entered into one declination pursuant to its Corporate Enforcement and Voluntary Self-Disclosure Policy (“CEP”). The schemes involved bribery of officials in Latin America, Africa, the Middle East, and South and East Asia and over $1.1 billion on criminal fines and disgorgement. One of the matters included the first coordinated resolution with Ecuador and the third with South Africa. Four trials involving individuals charged with FCPA violations were held this year.
In late 2023, the DOJ created the Criminal Division’s International Corporate Anti-Bribery (“ICAB”) initiative aimed to grow the Department’s foreign law enforcement partnerships. Several prosecutors serve as regional ICAB representatives and DOJ has stated that ICAB members helped bring several of this year’s global FCPA resolutions.
Securities, Commodities & Cryptocurrency Enforcement
DOJ’s Market Integrity and Major Frauds Unit resolved three corporate matters and one CEP declination involving over $200 million in criminal penalties. The unit also charged 75 individuals. The schemes involved alleged abuses of 10b5-1 trading plans, insider trading in the equities and commodities market, the largest cryptocurrency nonfungible-token scheme, and the first cryptocurrency open-market manipulation case.
Federal Procurement & Program Fraud
DOJ’s Market Integrity and Major Frauds Unit also investigated and prosecuted fraud in federal procurement and programs. In 2024, DOJ also reached two corporate resolutions with major defense contractors for defective and fraudulent pricing, diversion of federal program funding, and counterfeit electronic parts used by the U.S. military in sensitive defense applications.
Health Care Fraud
DOJ charged 147 individuals for alleged scheme involving more than $3.26 billion in false and fraudulent claims. The Health Care Fraud Unit currently has strike force teams in 26 cities across the nation. Data analytics continues to be a major investigation predicate. The unit’s Data Analytics Team completed 3,229 data requests and 151 proactive investigative referrals. The schemes involved cardio genetic testing, amniotic wound grafts, controlled substance wholesalers, addiction treatment facilities, misbranded medication, laboratory testing, durable medical equipment, and telemedicine.
According to DOJ, telemedicine fraud schemes have “exploded” over the last five years and the Department has responded with seven nationwide enforcement actions. Pharmaceutical distributors also remain an area of focus with ten executives, sales representative, and brokers charged in October 2024 in four federal districts. DOJ also expanded its Sober Homes initiative to combat fraudulent addiction and rehabilitation schemes that targeted Native Americans in Arizona. The initiative has resulted in the over $1.2 billion in alleged false billings for fraudulent tests and treatments for drug and/or alcohol addiction. The Fraud Section has partnered with the U.S. Attorney’s Office for the District of Arizona in this initiative.
False Claims Act
Although not a criminal statute, the False Claims Act is another tool used to combat federal procurement, federal program, and health care fraud. 2024 was a record year for False Claims Act settlements, which exceeded $2.9 billion. The government and whistleblowers were party to 558 settlements and judgments, the second highest total after last year’s record of 566 recoveries, and whistleblowers filed 979 qui tam lawsuits, the highest number in a single year. Settlements and judgments since 1986 exceed $78 billion.
Takeaways
As we look back at the enforcement trends from 2024, there are several key takeaways to consider for the year ahead:
Data Analytics continues to be a mainstay tool for proactive detection and leads in foreign corruption, health care, and financial fraud enforcement. The Fraud Section’s data analytics team identifies outliers, trends, and patterns in federal health care benefit program billing, market activity against public filing disclosures, and even analyzes data compiled in public sources for foreign corruption matters.
Whistleblower and Voluntary Self-Disclosure Programs appear to be working. We previously wrote about each of these programs here and here. According to DOJ, the programs have resulted in 180 tips on new or existing investigations. Companies should implement a robust internal reporting system that allows employees to report potential misconduct comfortably and confidentially. Effectively responding to internal complaints can deter whistleblowers from bypassing the company’s reporting system and provides the company with a documented response to present to the DOJ if necessary.
Foreign Corruption enforcement will continue to expand its international footprint. 2024 resolutions included companies based in China, Germany, Brazil, Spain, Australia, Switzerland, and South Africa. Look to even more enforcement in 2025 with enhanced tools like the Foreign Extortion Prevention Act, the Criminal Division’s International Corporate Anti-Bribery initiative, and the Administration’s renewed focus on Latin America.
Health Care Fraud enforcement provides an average return on investment of $73.04 per $1 spent and over $3 billion in projected savings. Telemedicine, genetic testing, pharmaceutical distributors, and durable medical equipment will remain areas of enforcement focus.
Cryptocurrency remains in focus as the market continues to be fertile ground of market manipulation and schemes that exploit decentralized finance and automated trading. Enforcement will likely continue to include domestic and international laundering of crypto-fraud proceeds.
A copy of the full Year in Review report may be found here.
Saint Paul, Minnesota Enacts “Wage Theft” Ordinance
Beginning January 1, 2025, the City of St. Paul, Minnesota’s Wage Theft Ordinance went into effect. The Ordinance largely incorporates the State of Minnesota’s existing wage theft legislation. However, similar to the Minneapolis Wage Theft Prevention Ordinance, effective in 2020, the City of St. Paul’s new Ordinance contains additional employer obligations for employers with employees working within the geographic boundaries of the City of St. Paul.
Employee Notice Information Required
Minnesota state law requires employers to provide detailed information, in writing, to Minnesota employees at the start of their employment and provide written notice of related changes to employees during employment. As of January 1, 2025, pursuant to Ordinance the notice for covered St. Paul employees must contain the following additional information:
The date on which employment is to begin;
A notice of the City of St. Paul’s minimum wage rates and an employee’s entitlement to such rates;
If applicable to the employee, a statement that the sharing of gratuity is voluntary; and
The overtime policy applicable to the employee’s position, if any, including when overtime must be paid and at what rate[s].
Under the Ordinance, employers may provide the information in the notice by reference to an employee handbook, collective bargaining agreement, or similar document, provided the employee is directed to the specific sections in which such information is contained.
In addition to providing the notice to all new hires, employers must provide the notice to all current, covered employees starting January 1, 2025, if the employer has not already provided the information contained in the notice to the employee. Similar to the state notice, the St. Paul notice must be signed by the employee and any change must be provided to the employee in writing before the change takes effect. Per the Ordinance, however, employers must additionally retain a copy of the initial notice as well as any written changes and records of when the employee received the notice(s).
Employers must provide employees with the notice in the language previously used for communication, or in a different language if the employer is aware the employee prefers it, as long as the Department has published notices in that language.
New Notice Poster Requirements
Annually, employers are required to notify employees of their right under the Ordinance. Employers are also required to post a notice of employees’ rights at the workplace/jobsite, in English and any language spoken by employees at the workplace/jobsite. Where the notice cannot be placed at the workplace/jobsite, employers may satisfy their obligations under the Ordinance by providing physical or electronic copies to each employee or posting the notice of rights on a web or app-based platform.
Additionally, employers must include a notice of employee rights in any handbook provided to employees.
Employers should assess their compliance obligations under the Ordinance and revise any existing handbooks and notices accordingly.
New Tariffs on U.S. Imports from Canada, Mexico, and China
UPDATE (as of Feb. 3, 2025, at 10:45 AM ET): President Trump announced on TruthSocial an agreement with President Claudia Sheinbaum of Mexico to “immediately pause the anticipated tariffs for a one-month period during which we will have negotiations.” No similar such agreement has been announced with regard to Canada or China.
On February 1, 2025, President Trump utilized emergency powers to impose 25% tariffs on U.S. imports of goods from Mexico and most goods from Canada, and 10% tariffs on U.S. imports of goods from China and energy resources from Canada, effective Tuesday, February 4th.1 These tariffs are in addition to any other duties, fees or charges applicable to the imported products. Specific U.S. Harmonized Tariff Schedule classifications impacted will be identified in a forthcoming Federal Register notice, but no product exemptions are identified in the February 1st actions. In retaliation for these new actions, also on February 1st, Canadian Prime Minister Justin Trudeau and Mexican President Claudia Sheinbaum announced plans to implement retaliatory trade measures against U.S. exports to those countries.
The February 1st Executive Orders imposed an array of tariffs:
25% tariffs on all goods from Mexico.2
25% tariffs on all goods from Canada, except for “energy resources” from Canada. “Energy resources” will be subject to a 10% tariff. For purposes of these tariffs, “energy resources” from Canada are defined as: “crude oil, natural gas, lease condensates, natural gas liquids, refined petroleum products, uranium, coal, biofuels, geothermal heat, the kinetic movement of flowing water and critical minerals, as defined by 30 U.S.C. 1606 (a)(3).”3
10% tariffs on all goods from China.4
The tariffs are effective Tuesday, February 4, 2025, with respect to all goods entered for consumption or withdrawn from warehouse for consumption, on or after 12:01 AM Eastern Time. There is a limited exception for goods on the water or in the air at the time the tariffs were imposed: goods that were loaded onto a vessel at the port of loading or in transit on the final mode of transport for entry into the United States before 12:01 AM Eastern Time on February 1, 2025, will not be subject to the additional duties if the importer certifies as much to U.S. Customs and Border Protection (CBP) in accordance with forthcoming procedures.
Goods subject to these additional tariffs are ineligible for duty-free treatment under de minimis provisions (19 U.S.C. 1321), consistent with proposed regulations from U.S. Customs and Border Protection exempting other items subject to special duties from de minimis benefits. In addition, no drawback shall be available with respect to the duties imposed by these Orders. Goods subject to these tariffs that are admitted to a Foreign Trade Zone must be admitted in Privileged Foreign Status, as defined in 19 CFR 146.41.
U.S. import tariffs will be implemented through a Federal Register notice to be issued by DHS modifying the Harmonized Tariff Schedule of the United States (HTSUS) as needed “in order to effectuate this order consistent with law[.]”5 The forthcoming notice may identify narrow products or import classifications exempt from the actions, but the Executive Orders do not signal any products or sectors outside of the scope – nor do the Orders direct any agency to establish an exclusion process through which companies could request to be exempt.
The White House Fact Sheet accompanying President Trump’s Executive Orders focuses on the role of China, Canada and Mexico in “the sustained influx of illegal aliens and illicit opioids and other drugs”6 into the United States. The tariffs will remain in place until the President determines that sufficient action has been taken to alleviate the crisis. The Secretary of Homeland Security, in coordination with the Secretary of State, the Attorney General, the Assistant to the President for National Security Affairs and the Assistant to the President for Homeland Security, are tasked with monitoring the situation and informing the President when the governments of the subject countries have taken adequate steps to alleviate the public health crisis through cooperative enforcement actions.
The Executive Orders also reserve the ability of the President to “increase or expand in scope the duties imposed under [each] order” should the countries retaliate against the U.S. in response to this action through import duties on U.S. exports to those countries. Canada and Mexico are both poised to take countermeasures against the U.S. Prime Minister Trudeau announced that Canada would impose 25 percent tariffs on US $107 billion (C $125 billion) worth of U.S. goods, with a portion of those tariffs effective on February 4th, contemporaneous with the effective date of the U.S. tariffs, and the rest phasing in after a 21-day public comment period.7 The initial measures are expected to impact US $20 billion in exports of U.S. beer, wine and bourbon, fruits and fruit juices, vegetables, perfume, clothing, shoes, household appliances, furniture, sports equipment, lumber and plastics.8 A second wave on another US $85 billion of goods would include tariffs on cars and trucks, agricultural products, steel and aluminum and aerospace products.9 Non-tariff measures are also apparently being considered. President Sheinbaum also stated that Mexico would take retaliatory tariff and non-tariff measures.10 Although her statements did not include details, reporting suggests that Mexico’s government is considering “so-called carousel retaliation, which would periodically rotate the U.S. products subject to retaliatory tariffs.”11 China’s reaction was more muted. China’s Ministry of Commerce issued a statement that “the Chinese government would file a complaint with the World Trade Organization and take unspecified ‘corresponding countermeasures to firmly safeguard its own rights and interests.”12
We expect a rapidly changing trade and tariff environment during the duration of the Trump Administration.
[1] Imposing Duties to Address the Flow of Illicit Drugs across Our Northern Border, Exec. Order (Feb. 1, 2025) (“Canada EO”), available at https://www.whitehouse.gov/presidential-actions/2025/02/imposing-duties-to-address-the-flow-of-illicit-drugs-across-our-national-border/; Imposing Duties to Address the Situation at Our Southern Border, Exec. Order (Feb. 1, 2025) (“Mexico EO”), available at https://www.whitehouse.gov/presidential-actions/2025/02/imposing-duties-to-address-the-situation-at-our-southern-border/; Imposing Duties to Address the Synthetic Opioid Supply Chain in the People’s Republic of China, Exec. Order (Feb. 1, 2025) (“China EO”), available at https://www.whitehouse.gov/presidential-actions/2025/02/imposing-duties-to-address-the-synthetic-opioid-supply-chain-in-the-peoples-republic-of-china/.
[2] See Mexico EO at Sec. 2(a).
[3] See Canada EO at Sec. 2(a)-(b).
[4] See China EO at Sec. 2(a).
[5] See Canada EO at Sec. 2(e); see also Mexico EO at Sec. 2(d); China EO at Sec. 2(d).
[6] The White House, Fact Sheet: President Donald J. Trump Imposes Tariffs on Imports from Canada, Mexico and China (Feb. 1, 2025), available at https://www.whitehouse.gov/fact-sheets/2025/02/fact-sheet-president-donald-j-trump-imposes-tariffs-on-imports-from-canada-mexico-and-china/.
[7] Department of Finance Canada: Government of Canada announces next steps in its response plan to unjustified U.S. tariffs (Feb. 2, 2025), available at https://www.canada.ca/en/department-finance/news/2025/02/government-of-canada-announces-next-steps-in-its-response-plan-to-unjustified-us-tariffs.html.
[8] Department of Finance Canada: List of products from the United States subject to 25 per cent tariffs effective February 4, 2025 (Feb. 2, 2025), available at https://www.canada.ca/en/department-finance/news/2025/02/list-of-products-from-the-united-states-subject-to-25-per-cent-tariffs-effective-february-4-2025.html.
[9] Department of Finance Canada: Canada’s response to U.S. tariffs on Canadian goods (Feb. 2, 2025), available at https://www.canada.ca/en/department-finance/programs/international-trade-finance-policy/canadas-response-us-tariffs.html.
[10] President Claudia Sheinbaum Pardo (@Claudiashein), X (Feb. 1, 2025, 8:07 PM), available at https://x.com/claudiashein/status/1885857655094415528?s=46.
[11] Santiago Pérez, Vipal Monga and Anthony Harrup, Canada, Mexico Want America to Feel the Pain of Tariffs Too, The Wall Street Journal (Feb. 2, 2025), available at https://www.wsj.com/economy/trade/canada-mexico-want-america-to-feel-the-pain-of-tariffs-too-f8119ccd (subscription required).
[12] Zia Weise, China to Retaliate after Trump Fires First Salvo in Trade War, Politico (Feb. 2, 2025), available at https://www.politico.eu/article/china-vows-retaliation-after-donald-trump-likely-trade-war-tariffs-chinese-imports/ (quoting the statement of China’s Ministry of Commerce from the Ministry’s website, available at https://www.mofcom.gov.cn/xwfb/xwfyrth/art/2025/art_a4a4f6e20b034cc78d506731007f1c1f.html).
Legal Precedents Offer Novel Ways for Federal Employee Whistleblowers to Fight Retaliation
The system of anti-retaliation protections for federal employees who blow the whistle or speak out about their agency’s conduct is infamously weak. Under the Whistleblower Protection Act (WPA) and other laws, federal employees seeking relief for an adverse action taken against them for whistleblowing must rely on the Merit Systems Protection Board (MSPB). This quasi-judicial entity is plagued by delays and threatened by politicization.
However, there are several potentially effective but under-utilized legal precedents that can permit federal employees facing retaliation to obtain relief in federal court and not solely rely on the WPA for relief. These precedents have been established by the U.S. Courts of Appeal for the District of Columbia and Fourth Circuits, and offer novel ways to have cases heard in federal court or otherwise bolster retaliation complaints. By utilizing these methods, federal employees can feel more confident and in control, knowing they have better chances of gaining meaningful relief if they face retaliation for whistleblowing, oppose discrimination, prevent the violation of their privacy, and enforce their rights to engage in outside First Amendment protected speech.
First Amendment Rights for Federal Employees
The landmark 1995 case Sanjour v. EPA upheld the First Amendment rights of federal employees to criticize the government in activities outside their employment. This created a legal precedent that provides a strong shield for federal employees to make First Amendment challenges to agency regulations stifling whistleblowing when made outside of work. The case permits federal employees at the GS-15 level or below (higher level federal workers were not discussed in the decision, as the applicant for relief was at the GS-15 level) to seek pre-enforcement injunctive relief if a rule or regulation (which would include an Executive Order) has an improper chilling effect on First Amendment protected speech of an employee’s outside speaking or writing.
William Sanjour was the branch chief of the Hazardous Waste Management Division within the EPA who challenged rules written by the Federal Office of Government Ethics that restricted EPA workers’ rights to speak to environmental community groups.
Because the EPA had warned Sanjour that his acceptance of a cost reimbursement for travelling to North Carolina to give a speech critical of EPA policies concerning waste incineration was in violation of a regulation and could result in adverse action, Sanjour could challenge the “chilling effect” on speech of the government’s rule. The D.C. Circuit upheld the constitutional challenge to a regulation that had a chilling effect on First Amendment protected speech.
If he had waited until he was subjected to retaliation he would have been required to use the WPA to remedy the adverse action. But because Sanjour was challenging an unconstitutional chilling effect of a government regulation, he could obtain injunctive relief directly in federal court and avoid the long delays and other problems when pursuing a case before the presidentially appointed MSPB.
The key precedent established in Sanjour v. EPA, by the U.S. Court of Appeals for the District of Columbia Circuit, was that the Court could issue a nationwide injunction preventing the implementation of the regulation because of its chilling effect on the First Amendment right of employees to criticize the federal government. The court recognized that federal employee speech to the public on matters of “public concern” was protected under the First Amendment, and served a critical role in alerting the public to vital issues:
“The regulations challenged here throttle a great deal of speech in the name of curbing government employees’ improper enrichment from their public office. Upon careful review, however, we do not think that the government has carried its burden to demonstrate that the regulations advance that interest in a manner justifying the significant burden imposed on First Amendment rights.”
The precedent in Sanjour v. EPA means that federal employees who plan on making public statements (outside speaking or writing on matters of public concern) can seek a federal court injunction preventing future retaliation based on their First Amendment rights, if they have a reasonable basis to believe that their government employer would take adverse action against them if they made the public disclosures or violated the regulation. Significantly, First Amendment protected speech should cover criticisms of government policy. Policy disagreements alone may not even be covered under the WPA.
The Sanjour case covers outside speaking and writing, not workplace activities. It affirms a federal employee’s right to engage in conduct such as TV interviews, writing op-eds, and speaking before public interest groups, even if the speech engaged in is highly critical of the government or their government-employer. However, employees would have to give a disclaimer making sure that the public understood they were speaking in their private capacity, and the employee could not release confidential information.
Mixed Cases Combining Title VII Discrimination with Whistleblower Retaliation
Precedent established by two landmark federal employee whistleblower retaliation cases holds that federal employees may have their WPA retaliation case heard in federal court in instances where it is a “mixed case” that also involves discrimination or retaliation under Title VII of the Civil Rights Act. The scope of retaliation covered under Title VII is broader than the coverage under the WPA, and by combining both claims a federal employee can significantly increase both their procedural and substantive rights.
Specifically, when an employee is a member of a protected class (Title VII covers race, religion, sex, national origin, among other classes) it is often hard to distinguish whether retaliation originates from their membership in a protected class, their filing complaints of retaliation under Title VII, or their filing complaints of retaliation covered by the WPA. There is often significant overlap in these types of cases.
While federal employees’ retaliation cases under the WPA are forced to remain with the MSPB, under the Civil Service Reform Act, discrimination cases (and cases of retaliation based on protected activities or whistleblowing covered under Title VII) may be removed to federal court if the MSPB does not issue a final ruling within 120 days.
Dr. Duane Bonds was a top researcher at the National Institutes of Health on sickle cell disease who blew the whistle on the unauthorized cloning of participants’ cells. Dr. Bonds faced retaliation for blowing the whistle, including sex discrimination, harassment in the workplace, and eventual termination.
In 2011, the United States Court of Appeals for the Fourth Circuit ruled in Bonds v. Leavitt that Dr. Bonds’ retaliation and discrimination complaint must be considered a “mixed case” and heard together. Under the Civil Service Reform Act, the court allowed Dr. Bonds to pursue her mixed discrimination and retaliation case before a federal court, and she was not required to continue to pursue her WPA case before the MSPB.
In its ruling in Bonds v. Leavitt, the Fourth Circuit cited an earlier D.C. Circuit ruling in Ikossi v. Department of Navy, which similarly allowed a female whistleblower to pursue a “mixed case” alleging both retaliation and discrimination in federal court. Kiki Ikossi was retaliated against after filing complaints to the Navy Research Lab HR Office for workplace gender discrimination in the early 2000s.
The Bonds and Ikossi decisions are controlling precedent in both the District of Columbia and Fourth Circuit judicial circuits. Thus, these precedents would be binding of federal courts in the District of Columbia, Maryland, and Virginia.
The precedents in Bonds v. Leavitt and Ikossi v. Department of Navy mean that federal employees who face discrimination in addition to retaliation may combine their complaints and pursue their case in federal court if the MSPB delays a ruling (which is the norm given its backlog of cases). However, the rules permitting a mixed case are complex, and require employees to identify their invocation of that right when filing an initial complaint. By carefully following the complex timing and filing requirements mandated under both the WPA and Title VII an employee can have his or her whistleblower case can be heard in federal court, and avoid many of the problems associated with cases pending before the MSPB.
Privacy Act Rights for Federal Employees
Linda Tripp is most famous for her role in the impeachment of President Clinton. However, her retaliation case established a strong precedent protecting federal employees under the Privacy Act. Tripp successfully challenged the Department of Defense when it illegally released confidential information from her security clearance file.
The illegally released file was an act of retaliation for her role in presidential impeachment proceedings. However, Tripp did not seek relief under the WPA. Instead, she was able to bring a Privacy Act complaint before a federal court. The Privacy Act covers requests for information concerning yourself, and federal employees are covered under the law with the same rights as other non-government employees. The Privacy Act prevents federal agencies from collecting or maintaining information based on an individual’s First Amendment activities, it prevents the improper disclosure of information to various persons, including any personal information a government employee or manager may provide to individuals outside of the federal government.
The Privacy Act requires the federal government to provide applicants access to all government records related to the applicant that are not restricted from access under very specific exemptions. Once obtaining the documents a the requestor can request correction of any inaccurate information, or inclusion into a file of the requestor’s statement as to why the documents are not accurate. It requires agencies to maintain a record of who they share information with. The law prohibits improper leaks of information. Moreover, of particular interest to whistleblowers, the law prohibits the government from maintaining records related to any person’s First Amendment protected activities.
The law provides all persons, including federal employees, the right to file a lawsuit in federal court to obtain access to their files and seek damages for the actual harm caused by any leaks or violations of the law. A court can also order an agency to correct information in government files that are inaccurate and prevent agencies from maintaining information in violation of law. Persons who filed successful Privacy Act complaints are entitled to attorney fees and costs related to their lawsuit.
Thus, the Privacy Act offers numerous potential avenues for a whistleblower to use those provisions to obtain protection, information, and relief. For example, as in the Tripp case, when the federal government leaked information covered under the Privacy Act to discredit her, Tripp successfully pursued a Privacy Act for damages and fees. She could attack the illegal retaliation caused by the leak of information through the Privacy Act, and avoid the many limitations of the WPA.
Conclusion
For decades, attempts to reform the WPA and give federal employees the right to have whistleblower retaliation cases heard in federal courts have stalled. Over the years, however, legal challenges to retaliation that avoid the limits of the WPA have produced strong precedents allowing specific federal employees to pursue cases in federal courts as long as they strictly follow the correct technical procedures required under each of the specific law or Constitutional provision.
Federal employee whistleblowers are essential to rooting out fraud, abuse, and misconduct throughout the government. Leveraging these strong legal precedents, which can supplement remedies offered under the WPA, can offer critical avenues to protect federal employees from retaliation and ensure they receive the proper relief when it occurs.
Useful Resources
Government Webpages:
Overview Of Federal Sector EEO Complaint Process
U.S. Office of Special Counsel
U.S. Merit Systems Protection Board
Privacy Act of 1974
Financial Abuse and the Need for Better Financial Services Regulation
In December 2024 the Parliamentary Joint Committee on Corporations and Financial Services (the Committee) published a Report following an inquiry into how well the existing financial services regulatory framework is protecting against financial abuse. The Report highlighted a range of regulatory gaps and considered how financial institutions could better mitigate the risk of financial abuse.
Privacy
Inquiry submissions revealed that existing privacy laws prevent financial institutions from appropriately identifying, responding to and reporting financial abuse. Institutions are currently required to obtain explicit consent from customers before recording any sensitive information in their accounts. This prevents financial institutions from proactively documenting or flagging actual or suspected financial abuse thereby creating a barrier to the provision of appropriate support. It was therefore recommended that privacy legislation be revised to better allow financial institutions to respond to financial abuse cases.
Sector-Specific Reform
While it was recognised that financial institutions were making progress in the implementation of measures to identify and respond to financial abuse, the Committee highlighted the need for reform across all three sectors. The table below outlines some of the key recommendations for each sector.
Key Takeaways
The Committee’s Report has shed greater light on the urgent need to improve the existing regulatory framework to allow financial institutions to explicitly address the widespread risk of financial abuse arising in relation to financial services. To prepare for potential reform, financial institutions should consider the Committee’s recommendations and seek to proactively improve internal mechanisms designed to identify and respond to financial abuse.
*For information on ‘conduct of others’ clauses see our previous alert on general insurance policies.
Tamsyn Sharpe also contributed to this article.
Data Privacy Insights Part 2: The Most Common Types of Data Breaches Businesses Face
As part of Data Privacy Awareness Week, Ward and Smith is spotlighting the most common types of data breaches that businesses encounter.
In Part 1, we explored the industries most vulnerable to cyberattacks, highlighting the specific sectors frequently targeted by cybercriminals. In Part 2, we dive into the most common types of data breaches businesses face and offer actionable strategies to safeguard your organization. By understanding these threats, businesses can take the first step toward mitigating risks and protecting themselves from the costly and damaging consequences of cybersecurity incidents.
Human Error
Human error is at the core of many cybersecurity incidents. According to Infosec, 74% of breaches involve some sort of human element, making education and preventative measures critical.
Phishing Attacks
One of the most common manifestations of human error is phishing. Cybercriminals exploit trust and naivety through deceptive emails that mimic legitimate communications. These emails often trick employees into revealing sensitive information like login credentials or financial data. Businesses can reduce this risk by prioritizing comprehensive employee training to recognize and report phishing attempts.
Stolen Credentials
Closely linked to phishing is the issue of stolen credentials. Weak or reused passwords create openings for hackers to exploit. When an employee’s credentials are compromised, unauthorized access to company systems becomes a reality. Implementing strong password policies and multi-factor authentication (MFA) can significantly reduce this threat.
Ransomware
Ransomware represents an escalation of credential theft and phishing. These attacks encrypt vital business data and demand payment for its release, often causing operational paralysis. They frequently begin with malicious links or attachments. To combat this, businesses should invest in regular data backups and advanced endpoint protection tools.
Insider Threats
While external threats dominate headlines, insider threats—whether intentional or accidental—remain a critical concern. Employees can inadvertently leak data or intentionally sabotage systems. Mitigating this risk requires strong access controls, continuous monitoring, and fostering a culture of accountability.
Misconfigured Systems
Beyond human actions, misconfigured systems represent a technical vulnerability often stemming from human oversight. Improper security settings or cloud storage configurations can expose sensitive data to unauthorized users. Regular audits and vulnerability assessments are essential to identify and fix these issues.
Social Engineering
Building further on human vulnerabilities, social engineering attacks involve manipulation tactics such as impersonation of IT staff or executives. These tactics are designed to extract confidential information or gain unauthorized access to secure systems. Consistent training helps employees detect and resist these threats.
Physical Security Breaches
Cybersecurity measures are incomplete without addressing physical security. The theft or loss of devices like laptops, smartphones, or external drives can lead to unauthorized data access. Encrypting devices and enabling remote wipe capabilities can minimize the impact of such incidents.
Data Loss from Third-Party Vendors
Even with strong internal controls, businesses often depend on third-party vendors, which can introduce additional risks. Ensuring that vendors adhere to stringent data protection standards and conducting thorough due diligence are key steps to minimizing these v
How Businesses Can Protect Themselves
To combat these threats, businesses should adopt a proactive approach to data security:
Employee Training: Regular training sessions ensure employees can identify and respond to potential threats effectively.
Robust Policies: Develop and enforce data protection policies tailored to your organization’s needs.
Incident Response Plans: Have a comprehensive plan in place to respond to breaches swiftly and minimize damage.
Legal Guidance: Work with legal experts to ensure compliance with data privacy regulations and to create enforceable contracts with third-party vendors.
Data breaches can have devastating consequences, but with the right measures, your organization can stay ahead of these threats.
Report Concludes SEC’s Whistleblower Program is a Resounding Success and Essential to Investor Protection
Success of the SEC Whistleblower Program
Benjamin Schiffrin, Director of Securities Policy at Better Markets, published a report titled The SEC’s Whistleblower Program Is Key to Protecting the Economy and Main Street Americans’ Wallets, which concludes that the SEC whistleblower program “has benefited investors by allowing the SEC to pursue enforcement actions resulting in more than $6 billion in monetary sanctions” and identify misconduct that the SEC might not otherwise uncover.
The report identifies additional indications of the success of the SEC whistleblower program:
Whistleblower disclosures result in the return of funds to harmed investors.
In FY 2024, the SEC received approximately 24,980 whistleblower submissions, and whistleblowers have filed over 100,000 disclosures since the inception of the program.
Taxpayers benefit from this critical enforcement tool without having to pay awards from appropriated funds. The awards are paid from the monetary sanctions that the SEC recovers from fraudsters.
Whistleblower confidentiality is a cornerstone of the SEC whistleblower program. Permitting whistleblowers to report anonymously through counsel protects whistleblowers from retaliation and “protects the ensuing investigation by preventing a company from learning that the SEC knows about the misconduct and possibly destroying evidence.”
SEC Whistleblower Program Key to Investor Protection
The report finds that the SEC is already underfunded and lacks the resources necessary to monitor the increasingly complex capital markets and “protect investors from potential misconduct at 33,000 regulated entities, 8,300 reporting companies, and 56,000 private funds.” If Congress forces the SEC to downsize the Division of Enforcement, the SEC would need more help in holding fraudsters accountable and therefore whistleblowers will continue to play a vital role in assisting the government in identifying and prosecuting misconduct. The violations that whistleblowers report to the SEC primarily concern manipulation, offering fraud, corporate disclosures, and crypto fraud.
Suggestions to Improve the SEC Whistleblower Program
Better Markets makes two suggestions to improve the SEC whistleblower program:
Do a Better Job of Communicating with Whistleblowers: “Many whistleblowers receive confirmation that the SEC received their tip and then never hear from the agency again. This makes it difficult for whistleblowers to know how to proceed . . . Communicating with whistleblowers is especially important because it can take years for the SEC to receive a tip, investigate, bring an action, obtain sanctions, and issue an award.”
Provide More Information to Enable the SEC to Understand the Benefits of the Whistleblower Program: “[T]he whistleblower program would benefit from the public’s greater understanding of the assistance that whistleblowers provide . . . and the value to the public of the whistleblower having identified the relevant misconduct.”
FCC Responds to Cybersecurity Threats with CALEA Ruling
Earlier this month, in the waning days of Jessica Rosenworcel’s tenure as Chair of the Democrat-led FCC, the FCC released a Declaratory Ruling concluding that Section 105 of the Communications Assistance for Law Enforcement Act (CALEA) requires telecommunications carriers to secure their networks from unlawful access and interception of communications. Effectively, the FCC determined that CALEA can serve as a hook for additional rules addressing emergent cybersecurity issues.
The Commission also adopted a Notice of Proposed Rulemaking (NPRM) that would apply cybersecurity and supply chain risk management obligations to a broader set of providers.
Commissioners Carr and Simington dissented from the Declaratory Ruling and NPRM. While Chairman Carr frequently references cybersecurity threats, particularly those stemming from state-sponsored actors in the People’s Republic of China (PRC), it is unclear whether the new GOP-led FCC will allow the Declaratory Ruling and NPRM to stand or will pursue another course of action.
Background. Enacted in 1994, CALEA requires telecommunications carriers and manufacturers of telecommunications equipment to ensure that law enforcement agencies have necessary surveillance capabilities of telecommunications equipment, facilities, and services. Notably, under the “substantial replacement” provision of CALEA, the FCC has interpreted the term “telecommunications carrier” for purposes of CALEA to include facilities-based broadband Internet access service (BIAS) and interconnected VoIP providers. [1]
Declaratory Ruling. Previously, the FCC found that Section 105 of CALEA requires telecommunications carriers to avoid the risk that suppliers of untrusted equipment will illegally intercept or surveil a carrier’s switching premises without its knowledge.[2] In the Declaratory Ruling, the Commission imposed an affirmative duty on “telecommunications carriers” (again, including BIAS and iVoIP providers) to secure their networks, and clarified that telecommunications carriers’ responsibilities under CALEA extend to their equipment as well as network management practices.
The FCC concluded that carriers are obligated to prevent interception of communications or access to call-identifying information by any means other than pursuant to a lawful authorization with the affirmative intervention of an officer of the carrier acting in accordance with FCC rules. In adopting the Declaratory Ruling, the Commission puts carriers on notice that all incidents of unauthorized interception of communications and access to call-identifying information amount to a violation of the carrier’s obligations under CALEA.
Within this context, the FCC concluded that Congress has authorized the Commission to adopt rules requiring telecommunications carriers to take steps to secure their networks.
Notice of Proposed Rulemaking. In its NPRM, the FCC proposes to apply cybersecurity requirements to a broad set of service providers, including facilities-based fixed and mobile BIAS providers, cable systems, wireline video systems, wireline communications providers, satellite communications providers, commercial mobile radio providers, covered 911 and 988 service providers, and international section 214 authorization holders, among others (Covered Providers).
The Commission proposes that Covered Providers would be obligated to create and implement cybersecurity and supply chain risk management plans. The plans would identify the cyber risks the carrier faces, as well as how the carrier plans to mitigate such risks. Covered Providers would also need to describe their organization’s resources and processes to ensure confidentiality, integrity, and availability of its systems and services. The plans would require annual certification and be submitted in the Network Outage Reporting System (NORS).
[1] Telecommunications carrier includes:
A person or entity engaged in the transmission or switching of wire or electronic communications as a common carrier for hire; A person or entity engaged in providing commercial mobile service . . . ; A person or entity that the Commission has found is engaged in providing wire or electronic communication switching or transmission service such that the service is a replacement for a substantial portion of the local telephone exchange service and that it is in the public interest to deem such a person or entity to be a telecommunications carrier for purposes of CALEA.
47 CFR § 1.20002(e).
[2] Protecting Against National Security Threats to the Communications Supply Chain Through FCC Programs; Huawei Designation; ZTE Designation, WC Docket No. 18-89; PS Docket Nos. 19-351 and 19-352, Report and Order, Further Notice of Proposed Rulemaking, and Order, 34 FCC Rcd 11423, 11436-37, para. 35 (2019).
CISA + FBI Issue Joint Advisory on Threat Actors Chaining Ivanti Vulnerabilities
On January 22, 2025, the Federal Bureau of Investigation (FBI) and the Cybersecurity & Infrastructure Security Agency (CISA) issued a joint advisory related to previous vulnerabilities in the Ivanti Cloud Service Appliance, including an administrative bypass, a SQL injection, and remote code execution vulnerabilities – previously listed as CVE-2024-8963, CVE-2024-9379, CVE-2024-8190 and CVE-2024-9380.
The alert advises that “threat actors chained the listed vulnerabilities to gain initial access, conduct remote code execution (RCE), obtain credentials, and implant webshells on victim networks. The actors’ primary exploit paths were two vulnerability chains… In one confirmed compromise, the actors moved laterally to two servers.”
According to CISA:
“CISA and FBI strongly encourage network administrators to upgrade to the latest supported version of Ivanti CSA. Network defenders are encouraged to hunt for malicious activity on their networks using the detection methods and indicators of compromise (IOCs) within this advisory. Credentials and sensitive data stored within the affected Ivanti appliances should be considered compromised. Organizations should collect and analyze logs and artifacts for malicious activity and apply the incident response recommendations within this advisory.”