Secure Channel (Ziff Davis Enterprise)
Monday, November 30, 2009 10:30 AM/EST

An End to Sarbanes-Oxley


Next Monday, the nine justices of the U.S. Supreme Court will hear arguments in Free Enterprise Fund and Beckstead and Watts v. Public Company Accounting Oversight Board (PCAOB) and United States of America. If the plaintiffs succeed, they could unravel one of the most widely used and persuasive tools in security technology sales: the Sarbanes-Oxley Act of 2002.

The particulars of the case aren't really that important, but I'll recount them quickly. Beckstead and Watts was a small accounting firm in Henderson, Nev. (just outside Las Vegas). It was inspected by PCAOB in 2004 for compliance with Sarbanes-Oxley, and several deficiencies were found. The cost of remediating them and staying compliant was so high that it forced Beckstead to go out of business.

Now, here's where things get interesting. Beckstead decided to sue PCAOB not over the deficiencies found, but over the oversight board's very right to exist.

You see, Congress created PCAOB as an independent regulatory and oversight body for enforcing Sarbanes-Oxley. The idea was for PCAOB to operate free of political influence and to be able to pay market rates for its experts. That sounds like a good idea, considering the political and financial fallout from the collapse of companies like Enron and Global Crossing that inspired SOX in the first place.

However, Beckstead's lawyers, Michael A. Carvin and Noel J. Francisco, partners at the giant law firm Jones Day, think they have found a loophole not in SOX but in the Constitution, one that could be the undoing of both PCAOB and the law. The government and its regulatory enforcement agencies operate under a system of checks and balances. In many cases, that means the president appoints the governing board and the Senate confirms the appointments. A similar process applies to the removal of officers (think impeachment). But the way SOX created PCAOB, Beckstead's lawyers will argue, the board is free of both congressional and executive-branch oversight, and that makes the arrangement unconstitutional.

Now, legal scholars and experts say Congress could simply fix the law by amending SOX to add congressional and presidential oversight of PCAOB. However, reopening the statute for that purpose could be enough to open all of SOX to rewriting and reinterpretation. In other words, a legal victory for Beckstead could unravel SOX.

Why is this important to security vendors and solution providers? Basically, it comes down to Section 404, which requires management to assess, and auditors to attest to, the internal controls over the data used to compile a company's financial reports, including the security and integrity of that data. Many auditing firms have used 404 as a lever for imposing stringent security technology requirements on publicly traded companies regulated by SOX, and on their business partners. SOX security compliance has proven lucrative for vendors and solution providers, because it forces regulated enterprises to spend billions of dollars on technology that, in many cases, doesn't prevent security incidents but does make them compliant with the law.

In 2007, PCAOB revised its auditing standard, placing the onus on auditors to show that any security requirement they impose actually bears on the integrity of SOX-governed financial data, rather than demanding controls across the board. Nevertheless, SOX has proven a resilient justification for security spending.

Should Beckstead succeed in its arguments, SOX could be rendered inert, and that would have a serious impact on the sales and messaging of security solutions. Granted, there are plenty of other federal and state security regulations, and their number is growing, particularly those involving security breach disclosure and the protection of electronic medical records. But the defeat of SOX would cast doubt in the minds of security decision-makers for some time to come.


Comments (2)

Glenn:

Please let it be true!

The problem with SOX is that it is so vague that the auditors determined what the pass and fail criteria were. Often, they did this in a way that generated additional billable hours for their auditing firm and not in the best interest of the company. I also saw more attention spent on process than on security itself. Simply documenting a process and proving that you followed it was often sufficient. This is drastically different from PCI compliance, where it is very specific and very non-negotiable. I always felt that SOX punished corporations because of the bad behavior of companies like Enron and WorldCom. The costs of SOX actually made many companies struggle to compete, especially if their competitors were not required to be SOX compliant. I hope SOX goes away or at least gets rewritten to where there is a clear definition and a level playing field for others. Not a revenue gravy train for auditors!
