PHILADELPHIA – A local law firm’s litigation against a group of U.S. military entities over the imposition of an email block the defendants put on its website server, which prevented the firm’s attorneys from receiving emails from federal agencies under the defendants’ control, was dismissed one week after its filing.
Cohen Seglias Pallas Greenhall & Furman, P.C. of Philadelphia filed suit in the U.S. District Court for the Eastern District of Pennsylvania on April 18 versus Defense Information Systems Agency, United States Army Cyber Command, Joint Forces Headquarters and United States Department of the Army, all of Washington D.C.
“On or about March 22, 2024, plaintiff discovered that it was not receiving email messages from any U.S. Department of Defense (DoD) mail servers originating from the email domain ‘.mil’ including, for example, army.mil, navy.mil, af.mil, mail.mil. It should be noted that email messages from the Armed Services Board of Contract Appeals (ASBCA) use the ‘mail.mil’ domain name and the plaintiff has many Contract Disputes Act appeals, on behalf of its clients, pending before the ASBCA,” the suit stated.
“Plaintiff subsequently learned that defendants had, without warning or any valid reason, placed an Email Reputation Service (ERS) block on the cohenseglias.com domain ‘due to an ongoing risk on the site that was detected as recently as March 19, 2024.’ As further explained below, the alleged ‘risk’ was not specifically identified, other than a vague reference to the possibility that malware was being hosted. This ‘block’ prevented federal agencies under defendants’ control from sending email messages to plaintiff’s attorneys.”
The suit explained that an ERS block means that the domain “cohenseglias.com” was “placed into IP address database that intercepts outgoing email messages and prevents their transmission” and “unfortunately, in this case, the block was imposed by mistake and it was only after noticing that anticipated responses from government agencies were not being received, that the plaintiff discovered that there was a block.”
“This ERS block was imposed without notice to plaintiff, and federal agencies were unaware of the block because their outgoing email messages did not generate bounce-back messages. Plaintiff was similarly unaware that communications were being sent and not received. Curiously, email messages sent by the plaintiff to federal agencies were received by those agencies. In other words, the block was one-sided and only affected outgoing email messages from the federal entities. Plaintiff’s Government Contracting Group was formed in 2009 and has represented hundreds of government contractors in matters involving federal agencies and has never, until now, suffered an interruption of email service. The law firm receives thousands of emails daily, including many from federal agencies that do not have a ‘.mil’ email address without encountering any problems. In fact, in the approximately 15 years before this unwarranted ERS block was imposed, the plaintiff has not encountered a single interruption or blockage of its email service from any source, and most assuredly not from any federal government site,” the suit said.
“Upon discovering the ERS block, plaintiff promptly contacted Army IT personnel at USACE, who were very cooperative and explained that defendant DISA would need to address the issue. Out of an abundance of caution, plaintiff’s IT personnel contact the firm’s own email security gateway service, Mimecast, to determine whether the plaintiff’s security protocols were blocking the incoming messages. Mimecast reported that no email messages from ‘.mil’ had been blocked by the plaintiff’s system and, in fact, there was no indication that any message from ‘.mil’ had been received by the plaintiff’s email server. Plaintiff then contacted its Web hosting service that controls its email service, to determine whether they could identify any reason for the blockage at the plaintiff’s end. The Web hosting service performed a scan and reported that there was nothing on the plaintiff’s system that was preventing the receipt of email messages from ‘.mil’ and that there was nothing of a suspicious nature that could have served as a red flag to any federal agencies. This was later reported to DISA.”
When the plaintiff’s IT personnel contacted the Global Service Desk at Defendant DISA to seek their assistance, they were informed that “USACE needed to submit a ticket, known as an infrastructure request, before DISA could investigate the matter.”
USACE reported, later that day after submitting the ticket, that DISA “had declined to take remedial action because plaintiff’s email server and website had been found to contain malware.” However, the prior security scan by the plaintiff’s Web hosting service had confirmed that this was not the case.
“On March 29, 2024, plaintiff’s IT personnel contacted DISA again and asked what else could be done. DISA instructed plaintiff to contact the Joint Forces Headquarters (JFHQ) who was responsible to coordinate such matters with various DoD agencies. JFHQ informed plaintiff that it could only remove the ERS block if another agency, ARCYBER, agreed to ‘accept the risk’ and authorized JFHQ to take remedial action. Subsequently, on April 3, 2024, JFHQ advised plaintiff to Contact ARCYBER and they instructed plaintiff to submit all of its background information on the problem to a group mailbox. ARCYBER replied to plaintiff’s IT personnel on April 5, 2024 and stated that a request for assistance would need to come from USACE and could not come from the plaintiff (even though ARCYBER had asked plaintiff to send it all of the background information). Furthermore, ARCYBER stated that USACE would need to submit a ticket request to DISA in order to get the process started. This process, it was explained, would require USACE and DISA to investigate the cause of the block,” the suit stated.
“Plaintiff, on April 5, 2024, informed ARCYBER that a ticket had already been submitted by USACE to DISA on March 29, 2024 bearing Ticket No. 2990466. ARCYBER stated that they had not received any of the required test results which should have been obtained by USACE and DISA. The prior history notwithstanding, DISA required USACE to submit a new ticket on April 5, 2024 and Ticket No. 2993696 was promptly furnished. What followed was a classic example of plaintiff being handed off from one defendant to another with no resolution in sight, as plaintiff attempted to obtain a status update. The only information that was reported by ARCYBER, orally, was that plaintiff’s servers had been identified as ‘vulnerable’ for unspecified reasons. On information and belief, the defendants USACE and DISA have not performed the testing that is required to validate the security of plaintiff’s website and email hosting server, and nothing is being done to authorize JFHQ to unblock plaintiff’s receipt of email.”
According to the suit, the plaintiff’s website and email server “do not host malware or any inappropriate content and any such violation would have been quickly detected and removed by the firm’s own security gateway, Mimecast, if it actually existed” and “the ERS block imposed by the defendants was caused by a malfunction or computer ‘glitch’ on their end and they have failed to grasp the urgency of this matter and the need to take appropriate and swift remedial action.”
“It is inconceivable that something occurred overnight on March 22, 2024, that overcame 15 uneventful years of electronic communication by plaintiff without incident. Significantly it is only the ‘.mil’ email extension that is being blocked and no other website, federal agency, board of contract appeals (other than the ASBCA), or federal court has failed to communicate with the plaintiff. Despite plaintiff’s diligent efforts to resolve the matter, and after over two weeks of waiting with no remedy in sight, defendants have failed to lift the unwarranted block, necessitating this action,” the suit said.
“On April 12, 2024, a further status inquiry to DISA was made and the reply was ‘If there is no further risk detected the block would be removed on/around 18 May.’ This is outrageous and the plaintiff should not be required to wait that long for the Government to correct its mistake. The plaintiff is caught in a bureaucratic quagmire with no federal agency willing to promptly address the issue for which the defendants are solely responsible. The lack of any sense of urgency, or sincere interest in a prompt remedy, by the defendants is outrageous and warrants immediate relief.”
One week after its filing and before the defendants could respond to the complaint, the plaintiff voluntarily dismissed it on April 25.
“Plaintiff Cohen Seglias Pallas Greenhall & Furman, P.C., by and through its undersigned counsel, hereby dismisses this action pursuant to Rule 41(a)(1)(A),” the voluntary dismissal notice said.
Attorney Michael H. Payne, who had brought the suit on behalf of the firm, further explained the rationale for its swift withdrawal.
“We withdrew the case because DISA recognized that the block was a mistake and removed it,” Payne stated.
The plaintiff was represented by Michael H. Payne of Cohen Seglias Pallas Greenhall & Furman, in Philadelphia.
The defendants were represented by Landon Y. Jones of the U.S. Attorney’s Office for the Eastern District of Pennsylvania, in Philadelphia.
U.S. District Court for the Eastern District of Pennsylvania case 2:24-cv-01619
From the Pennsylvania Record: Reach Courts Reporter Nicholas Malfitano at nick.malfitano@therecordinc.com