Archive for the ‘BIS’ Category


Jan

24

OFAC Designation of Putin’s Spy Agency May Trip Up U.S. Exports


Posted by at 9:47 pm on January 24, 2017
Category: BISEncryptionOFACRussia SanctionsSanctions

Vladimir Putin via http://en.kremlin.ru/events/president/news/27394 [Fair Use]The recent OFAC sanctions on Russia’s FSB né KGB, which is the Kremlin’s spy agency, may have unintended consequences. According to this article on the Russian website by my friend Иван Ткачёв (Ivan Tkachev) the FSB, besides doing typical spy things, is also responsible for overseeing the importation of encryption devices into Russia. This shouldn’t come as a big surprise since the NSA, our very own spy agency, has its nose in the encryption export business as anyone who has ever filed an annual self-classification report or a semi-annual sales report for encryption products knows perfectly well.

For items where encryption is a primary function, an FSB approval of the product is necessary prior to import. For items where encryption is ancillary (such as mobile phones, laptops, etc.) notification must be given to the FSB. Clearly a request for approval filed by a U.S company with the FSB is now forbidden. Even a notification for ancillary encryption products may be problematic.

A prior designation of FAU Glavgosekspertiza Rossii, a Russian federal agency that it is required to approve construction project designs, created similar unintended consequences and led OFAC, on December 20, 2016, to issue a general license permitting U.S. companies to seek reviews from FAU Glavgosekspertiza Rossii for certain construction projects in Russia. Perhaps a general license will be issued to permit filing these encryption notices and approval requests with the FSB, but there is no telling when at this point.

The other issue which may occur and which would require action by the Bureau of Industry and Security is that the FSB was also added to the Entity List. If the notifications or approval requests contain any technology subject to the EAR, a BIS license is required. It seems likely that this will be the case given the broad definition of technology in the EAR unless all the information in the documents supplied to the FSB has been “published” as defined in section 734.7 of the EAR.

 

Permalink Comments (2)

Bookmark and Share


Copyright © 2017 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)

Nov

30

Maybe There’s a Good Idea Lurking in Tom Fox’s Stealth Advertorial


Posted by at 4:44 pm on November 30, 2016
Category: BISCivil PenaltiesCompliance Programs and ProceduresCriminal PenaltiesDDTCFCPAOFAC

Internet Email by twitter.com/mattwi1s0n [CC-BY-SA-2.0 (http://creativecommons.org/licenses/by-sa/2.0)], via Flickr https://flic.kr/p/75rLY [cropped and processed]

Over at the excellent FCPA Compliance & Ethics Blog, Tom Fox has a plug for email monitoring software disguised as a blog post.  He’s even doing a “webinar” with the software developers — completely free, of course —  presumably to push the sales of this product.

Notwithstanding what might not be his completely objective take on this software product, Fox raises a good issue that might warrant consideration for incorporation into your export compliance program.  I assume everyone reading my blog and this post is acutely aware that a robust compliance plan is the best insurance against getting taken to the cleaners by the DoJ and the export agencies after it is discovered that an employee in your Hamburg office has been shipping  your U.S. origin night vision to Iran.  But what does your compliance program do proactively to ferret out such problems?  Fox suggests that companies should consider periodic email sweeps for keywords

The concept is straightforward; at regular intervals you can sweep through your company email database for identified key words that can be flagged for further investigation, if required.

So, should you consider sweeping all emails for keywords such as “Iran” or “Syria”? What other keywords might help pinpoint export compliance problems? “Jail”? “Orange Jumpsuit”? “Export License,” as in “let’s avoid fussing with that stupid export license requirement”? Are there keywords that can identify times when employees say something like “Call me, since we shouldn’t put this in writing”?

While I think such an approach is a nice shiny bauble that can be dangled in front of prosecutors and enforcement agencies and therefore is worth considering, I also wonder whether such sweeps will actually be effective in detecting violations. First, in my experience, most of the problems come from sales employees outside the United States who don’t think U.S. laws should interfere with their commissions. Foreign privacy laws, particularly in the E.U., often pose barriers to rifling through foreign employees’ emails. Second, in my experience, employees, particularly those with mischief in their hearts, are much too savvy to talk openly in emails about their transshipment schemes. They almost always use code of some kind to conceal what they are up to. These employees and their code words are normally not clever enough to fool prosecutors, but those code words — like “the country we discussed” or “Middle Earth” — will easily evade keyword email sweeps.

Any thoughts on this? Share your experiences (anonymously if you wish) in the comments section.

Photo Credit: Internet Email by twitter.com/mattwi1s0n [CC-BY-SA-2.0 (http://creativecommons.org/licenses/by-sa/2.0)], via Flickr https://flic.kr/p/75rLY [cropped and processed]. Copyright 2003 twitter.com/mattwi1s0n

Permalink Comments (5)

Bookmark and Share


Copyright © 2016 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)

Nov

18

Friday Grab Bag


Posted by at 4:41 pm on November 18, 2016
Category: BISIran SanctionsOFACSyria

Grab BagHere are a few recent developments that you may have missed:

  • The House voted yesterday to nullify the impact of a license granted by the Office of Foreign Assets Control (“OFAC”) in September which would allow Boeing to sell civil aircraft to Iran.
  • On Tuesday the House passed a bill to extend the Iran Sanctions Act for another 10 years. The bill, weighing in at around 50 words, makes no changes to the Act beyond extending its expiration date.
  • The Caesar Syria Civilian Protection Act of 2016 was passed by the House on Wednesday. Named after the alias of a military photographer who has taken pictures of the conflict in Syria, the act would require blocking of foreign persons, including presumably the Russians, who provide “significant” support to the Government of Syria or the Central Bank of Syria. It will be interesting to see how this plays out if the new Administration carries out its apparent desire to cooperate with Russia in Syria. Although Russia is fighting ISIS there, it is also supporting the current Syrian regime of Bashar al-Assad.
  • The temporary general license granted by the Bureau of Industry and Security (“BIS”) to permit exports to ZTE notwithstanding its inclusion on the Entity Listwas extended by BIS today until February 27, 2017. ZTE was put on the Entity List after it diverted U.S.-origin goods to Iran.
Permalink Comments Off on Friday Grab Bag

Bookmark and Share


Copyright © 2016 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)

Nov

17

Guilty As Charged


Posted by at 8:59 pm on November 17, 2016
Category: BISChinaNorth Korea Sanctions

Fat Man and Little Boy via KCNA [Fair Use]Oh dear. Apparently His Rotundity, the Dear Leader of North Korea, is annoyed that people that he can’t throw into internment camps and execute are mentioning that his aspirations to become a triathelete have been sabotaged by third and fourth helpings of yangnyeom tongdak. The chief offenders appear to be Internauts in China that refer to Kim Jong Un as Jin San Pang which, apparently, translates as — snicker, snicker — Kim Fatty the Third.

This blog, following the long-standing tradition of ridiculing the appearance of national enemies, has been on the forefront of suggesting that the Nork Dictator might benefit by a few less cigarettes and a few more jogs around the Chosŏn’gŭl: 55호 관저, his main palace. But we haven’t gone quite as far as Jin San Pang. Even with our post titled Fat Man Sanctioned Over Little Boy

Jin San Pang, aka His Obesity Kim Jong Un, has asked China to censor the use of Jin San Pang on Chinese websites. In the grand tradition of the Chinese government, they have both completely censored the offensive, if accurate, nickname Jin San Pang, at the same time that they have denied censoring the name and expressed shock and profound disappointment that anyone would dare to suggest that they would tamper with free speech on the Internet.

Permalink Comments (1)

Bookmark and Share


Copyright © 2016 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)

Nov

4

Sometimes Once Doesn’t Mean Once


Posted by at 9:20 am on November 4, 2016
Category: BISEncryption

Blue Hour Capitol Building
My dog Maisie shamelessly plugging the historic Cubs victory in the 2016 World Series

This blog previously reported on the recent changes to the encryption rules.   One less-than-carefully drafted provision in those amendments has been causing some confusion relating to the annual self-classification reports

The issue is whether an item once listed on a self-classification report needs to be relisted on subsequent reports.  Before the recent amendments, products needed to be relisted on subsequent reports for each year in which they were exported during the time frame covered by the classification report.

The new rules say this:

Your encryption self-classification report must include the information described in paragraph (a) of Supplement No. 8 to part 742 for each applicable encryption commodity, software and component made eligible for export or reexport under § 740.17(b)(1) of the EAR. Each product must be included in a report only one time. However, if no new products are made eligible for export or reexport during a calendar year, you must send an email to the addresses listed in paragraph (e)(3)(ii)(A) of this section stating that nothing has changed since the previous report.

At least one law firm has, with some justification, read the language saying that a product must be “included in a report only one time” to mean that items need not be included in subsequent annual reports unless, presumably, the encryption functionality of the item has changed.

At the BIS Update 2016, BIS officials made clear that they do not think that the language means what it appears to say. Instead, they asserted, items needed to be included on subsequent annual self-classification report even if encryption funtionality of the item has not changed since the last report. Apparently the language is thought by the agency to mean that you only have to list an item once on the same report, although why anyone ever thought that they would have to list any product more than once on the same report is puzzling.

No one from the agency, however, at least that I heard, could explain what “becomes eligible for export” means. The reporting requirement in the previous version was for items “exported or reexported pursuant to an encryption registration.” Unfortunately this new language requiring the listing in the report of every encryption item “eligible for export” during the reporting period would appear to apply to every encryption item that the company filing the report might have been able to export during the reporting period.  This would be the case whether or not it was actually exported. The safest course, then, for upcoming self-classification reports is to include every item with encryption functionality that was available for sale during the reporting period.

Note: My apologies for the picture of my dog wearing a Cubs hat.  However, there’s this:  (a) the Cubs victory justifies all actions by longtime Cubs fans that are not otherwise illegal, immoral or rude and (b) a dog picture is the only possible way to make a post about BIS’s encryption rules even vaguely interesting.

Photo Credit: Go Cubs Go! by Clif Burns, via www.clifburns.net. Copyright 2016 Clif Burns

Permalink Comments Off on Sometimes Once Doesn’t Mean Once

Bookmark and Share


Copyright © 2016 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)