Comment

False Claims, Real Threats: Cybersecurity Noncompliance and the False Claims Act’s Materiality Standard

Charlotte Bairey

B.A., The University of Chicago, 2020; J.D. Candidate, The University of Chicago Law School, 2026.

Many thanks to the staff of The University of Chicago Legal Forum for their endless hard work and support during the writing process, as well as to Professor McAdams for his guidance. I am also grateful to my parents for their encouragement and for entertaining many conversations about the False Claims Act over the past year.

This Comment examines the challenges of applying the False Claims Act’s (FCA) materiality standard to cybersecurity noncompliance by federal contractors. Although the Department of Justice’s Civil Cyber-Fraud Initiative seeks to hold government contractors accountable for misrepresenting their adherence to federal cybersecurity standards, courts have inconsistently applied the “holistic” framework for determining materiality established by the Supreme Court in Universal Health Services v. Escobar. Cybersecurity-related FCA claims face unique obstacles when it comes to showing materiality because noncompliance is widespread, national security interests complicate the government’s payment decisions, and government agencies may continue contracting with noncompliant entities out of necessity. This Comment argues for a clarified materiality framework that emphasizes two Escobar factors—whether compliance was an express condition of payment and the degree of noncompliance—while deemphasizing continued government payment as evidence of immateriality. Such a standard would better reflect the realities of cybersecurity contracting and preserve the FCA as an effective deterrent against cybersecurity fraud threatening national security.

TABLE OF CONTENTS