Oct

8

CSC Lets Iranian Government Employee Subscribe to DHS Mailing List

Posted by at 1:06 pm on October 8, 2007
Category: General

Iranian proliferationLast week, an email news list maintained for the Department of Homeland Security by Computer Sciences Corporation (“CSC”) went awry and started routing any reply that someone sent to another person on the list to every subscriber on the list. Some of the cubicle crowd so this as a social networking opportunity and began to send messages declaring their romantic preferences and astrological signs, supporting their favorite sports team (“Go Hogs!”), and promoting their companies products.

Then this message, from a befuddled Iranian, was sent to everyone on the DHS list:

From: Amir Ferdosi

To: DHS Daily OSIR Distribution List

Sent: Wednesday, October 3, 2007 3:24:28 PM

Subject: Is this being a joke?

why are so many messages today?

Amir Ferdosi

Sazeman-e Sana’et-e Defa’

Qom, Iran

If you’ve let your Farsi get rusty, you might not recognize that “Sazeman-e Sana’et-e Defa'” is Iran’s Defense Industries Organization. You may remember, however, that the Defense Industries Organization is the weapons manufacturing arm of the Iranian Ministry of Defense and which has been designated by the State Department under Executive Order 13382 as materially contributing to Iran’s nuclear proliferation activities. DIO is also designated on the Department of Treasury’s List of Specially Designated Nationals and Blocked Entities.

But more importantly, DIO is an agency of the Iranian government is subject to the Iranian Transactions Regulations. When Computer Sciences Corporation put Mr. Ferdosi on the DHS email list, it arguably violated the Iran sanctions. And before anybody starts yakking about the information exception in section 560.210 of those regulations, let me remind you that the exception only applies to information already in existence at the time Ferdosi subscribed — it does not apply to information sent in future emails. Iranians can order copies of books and magazines, but can’t subscribe to them under current regulations.

It is, of course, possible that CSC had no idea that Mr. Ferdosi was an employee of the Iranian Ministry of Defense, although since his email was probably something like [email protected], that should have been obvious. More likely, Ferdosi was automatically added to the list without human intervention. This, once again, demonstrates the perils of sanctions compliance over the Internet. I would imagine that by now CSC has removed Mr. Ferdosi from the list and has a block on subscriptions coming from emails ending in “.ir”.

Permalink

Bookmark and Share

Copyright © 2007 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)

One Comment:

I think we can all agree that blocking the obvious is part of due diligence when selling on or subscribing to an online site. In this case it sounds like that didn’t happen.

Having worked for a large computer company a more difficult question we wrestled with all the time is how do you recognize and block an email address that is routed through various servers before it gets to your site? For every avenue blocked there are 10 more into the site.

Comment by Linda on October 8th, 2007 @ 7:30 pm