Archive for the ‘BIS’ Category


Oct

12

Happy Sudan Day!


Posted by at 7:44 pm on October 12, 2017
Category: BISOFACSudan

Meroe (49) by joepyrek [CC-BY-SA-2.0 (http://creativecommons.org/licenses/by-sa/2.0)], via Flickr https://https://flic.kr/p/dD4ue9 [cropped]Today, October 12, is the day on which Executive Order 13067, which repealed earlier executive orders imposing sanctions on Sudan, becomes effective. We got here by a somewhat circuitous route. Executive Order 13067, issued in the last days of the Obama administration, delayed its effective date until July 12, 2017, although OFAC issued a general license at the time the order was issued doing everything the order would do when it became more or less permanently effective on July 12, 2017. The Trump Administration extended that effective date until October 12, 2017. Since no further orders have been issued, the lifting of sanctions contemplated by the Obama executive order is now in effect, although practically nothing much has changed given that the general license issued with the Obama order, and found in section 538.540 of the Sudanese Sanctions Regulations (“SSR”), did everything the executive order itself does now that it has officially gone into effect.

Of course, when the Office of Foreign Assets Control is involved, there is always some confusion. In the FAQs issued on the revocation of the Sudan Sanctions, OFAC makes this odd statement: “OFAC expects to remove the SSR from the C.F.R.” When that will happen and why on earth it didn’t happen today is not addressed. So, technically, the rules prohibiting Sudan transactions remain on the books although fortunately so does the general license in section 538.540. Perhaps the new folks at OFAC don’t know the difference between the printed edition of the C.F.R., where removal has to wait to the next edition, and the electronic edition, where the SSR can be removed virtually immediately.

The lifting of the sanctions on Sudan, as a practical matter, means that all imports from Sudan are permitted and most EAR99 items can be exported to Sudan. Since Sudan remains a state sponsor of terrorism, section 7205 to the Trade Sanctions Reform and Export Enhancement Act of 2000 requires a license for all exports of agricultural commodities, medicine and medical devices to Sudan. These are covered by the general license in 538.540 and the new General License A, both of which permit exports of these items pursuant to a written agreement during the one-year period from the signing of the agreement. The lifting of the sanctions has no effect on the export restrictions in the Export Administration Regulations which require licenses for exports of Sudan for most items with an ECCN other than EAR99 or items listed in Supplement 2 to Part 742 (which includes some EAR99 items). And the arms embargo on Sudan in section 126.1 of the ITAR continues to remain in effect.

Permalink Comments (0)

Bookmark and Share


Copyright © 2017 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)

Sep

22

Export Control Reform Arrives (Soon?) For Small Arms


Posted by at 4:00 pm on September 22, 2017
Category: BISDDTCExport Reform

Gun Show by M&R Glasgow [CC-BY-SA-2.0 (http://creativecommons.org/licenses/by-sa/2.0)], via Flickr https://flic.kr/p/EfXLa [cropped]Rumors have begun to circulate that export control reform is coming to USML Category I small arms despite thoughts that this might never happen. The reporters in this Reuters article, who clearly have little background in export policy and reform, have fallen on their fainting couches, clutched their pearls, and conjured up terrifying images of an out-of-control international arms bazaar that will result. This is, of course, silliness. Thousands of items have transitioned from the USML to the 600 series of the Commerce Control List without military items falling willy-nilly into the hands of foreigners.

There are two issues I think are worthy of comment without histrionics. The first relates to brokering issues. I have been a critic of DDTC’s brokering rules, not because of their concept, but mostly because of their implementation. The rules have been improved by restricting the registration and licensing requirements to brokers who are U.S. citizens or who are located in and acting from the United States. But I think that potentially removing small arms shipments from the restrictions of the brokering rules is not necessarily a good idea. Remember that the reason that these were passed in the first place was that U.S. persons were shipping small arms from foreign countries to regional disputes and rebellions outside the United States where those arms were used for genocide or otherwise against the foreign policy of the United States. The EAR has no controls on brokering and would not control export of foreign-manufactured arms (without U.S. content) to areas outside the United States by U.S. citizens or persons in the United States. The brokering issue is negligible when we talk about other transitioned items, like certain military aircraft parts. But the issue is front and center when it comes to small arms.

Another interesting effect of transitioning small arms to the CCL, and one that will be probably a beneficial one, relates to the issue of providing firearms training to foreign persons. As it stands, the definition of defense services in section 120.9 covers ” training … foreign persons … in the … maintenance, … operation, … or use of defense articles.” So a U.S. person could not show a foreign person how to clean a rifle but could provide a copy of the publicly available rifle manual with cleaning instructions to the foreign person. After transition of the rifle as a 600 series item to the EAR, since the information on how to clean the rifle is published, a U.S. person could show the foreign person how to clean the rifle rather than just provide a copy of the manual. This, of course, seems a much more sensible result.

Photo Credit: Gun Show by M&R Glasgow [CC-BY-SA-2.0 (http://creativecommons.org/licenses/by-sa/2.0)], via Flickr https://flic.kr/p/EfXLa [cropped]. Copyright 2007 M&R Glasgow/span>

Permalink Comments Off on Export Control Reform Arrives (Soon?) For Small Arms

Bookmark and Share


Copyright © 2017 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)

Sep

11

Florida Imposes Its Own Embargo on Cuba


Posted by at 5:34 pm on September 11, 2017
Category: BISCuba SanctionsOFAC

Rick Scott Head Shot by Rick Scott [CC-BY-SA-2.0 (http://creativecommons.org/licenses/by-sa/2.0)], via Flickr https://flic.kr/p/7Td7dc 2007 [cropped]Last week, before other things got in the way, Florida governor Rick Scott looked in the mirror and suddenly realized that he had been elected by the American voters to run the foreign policy of the United States. So, without further delay, Scott announced that Florida would cut off all state funding for any port that permitted traffic to Cuba. As a result, the ports in Everglades and Palm Beach cancelled memoranda of understanding that they were planning to sign with Cuban officials visiting the state.

Now, of course, we all understand that Governor Scott’s 8th grade civics class may not have covered some of the finer points of the U.S. Constitution, and we also understand that Cuba-bashing is a favorite sport for Florida politicians, but even a quick review of the Supreme’s Court’s decision in Crosby v. National Foreign Trade Council reveals the problems with the governor’s actions here. In Crosby, Massachusetts prohibited state agencies from buying goods from companies that did business with Burma. The Supreme Court held that the law was preempted by the Supremacy Clause of the United States Constitution. In doing so, the Court noted that the Massachusetts law interfered with the ability of the federal government to conduct foreign policy with respect to Burma. Central to that holding was the court’s finding that the Massachusetts law penalized companies for engaging in trade with Burma that was expressly permitted by the federal sanctions against Burma

Here, Governor Scott’s threat extends to all trade with Cuba, even if that trade is permitted by a specific or general license. So, to take a timely example, it is legal, under section 515.591 of the Cuban Assets Control Regulations and License Exception SCP of the Export Administration Regulations to export goods and services to Cuba to assist with rebuilding infrastructure damaged by Hurricane Irma. Yet, under the threatened action, if that relief is shipped through a Florida port, that port will be penalized by Florida. This does seem, shall we say, pretty ungrateful under the circumstances: Irma’s strength, and impact on Florida, was lessened by the time she spent wreaking havoc on the northern coast of Cuba. Florida ought to think of that before blocking aid to Cuba in rebuilding destroyed infrastructure.

Photo Credit: Rick Scott Head Shot by Rick Scott [CC-BY-SA-2.0 (http://creativecommons.org/licenses/by-sa/2.0)], via Flickr https://flic.kr/p/7Td7dc 2007 [cropped]. Copyright 2007 Rick Scott

Permalink Comments (1)

Bookmark and Share


Copyright © 2017 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)

Aug

24

BIS Implements Wassenaar’s Note 4 Amendment: Accentuate the Positive


Posted by at 10:07 am on August 24, 2017
Category: BISEncryption

Maxwell Smart's Shoe Phone [Fair Use]Last week the Bureau of Industry and Security published a final rule implementing the changes adopted by the December 2016 Wassenaar Arrangements Plenary meeting.  Most of these changes are the usual nits and quibbles cooked up to justify a nice government-paid international trip by the delegates.  Like this:

The Heading of 1C608 is amended by adding double quotes around the defined term “energetic materials” …

The most interesting change, however, at least in my view, was the re-working of Note 4, which provides a broad exception to export controls on encryption.   Allegedly, the change wasn’t supposed to change anything, and BIS’s notes to the amendments say just that.   This, of course, would lead ordinary people to wonder why change something you don’t want to change, but, of course, I guess they felt guilty charging their governments for simply re-arranging semicolons, adding quotation marks and correcting spelling errors in the Wassenaar lists.

Part of the problem in the new, improved version is that it’s going to be harder to explain to clients.  Anyone who has spent much time dealing with software engineers on encryption export matters will immediately see the difficulties ahead.   (That means anyone who has had to argue with a software engineer that his program is still covered even though the encryption routines are called from the operating system.)  This post is intended to help you in that process (as well as to make fun of a note added to 5A002 by the amendment).

So, let’s take a quick trip down memory lane and now look at the text of the old Note 4.

Note 4: Category 5—Part 2 does not apply to items incorporating or using ‘‘cryptography’’ and meeting all of the following:
a. The primary function or set of functions is not any of the following:
1. “Information security”;
2. A computer, including operating systems, parts and components therefor;
3. Sending, receiving or storing information (except in support of entertainment, mass commercial broadcasts, digital rights management or medical records management); or
4. Networking (includes operation, administration, management and provisioning);
b. The cryptographic functionality is limited to supporting their primary function or set of functions. …

Under the new amendments, the idea is “the creation of positive text in 5A002.a to specify the items subject to control.” I bet the entire encryption world was anxiously awaiting that, don’t you? So, to create this, er, “positive text” subsections 1, 2 and 4 have been moved to the text of ECCN 5A002. Subsection 1 becomes 5A002.a.1, subsection 2 becomes a.3 and subsection 4 becomes a.2 as follows:

a. Designed or modified to use ‘cryptography for data confidentiality’ having ‘in excess of 56 bits of symmetric key length, or equivalent’, where that cryptographic capability is usable without ‘‘cryptographic activation’’ or has been activated, as follows:
a.1. Items having ‘‘information security’’ as a primary function;
a.2. Digital communication or networking systems, equipment or components, not specified in paragraph 5A002.a.1;
a.3. Computers, other items having information storage or processing as a primary function, and components therefor, not specified in paragraphs 5A002.a.1 or .a.2

And, if you look closely, you can see that part of 3 was slipped into a.3 when it references items having “information storage” as a primary function. (Operating systems now get caught in 5D002.a.1 which controls software for the use of computers described in 5A002.a.3).

But what about items with the primary purpose of sending and receiving information? In the software context, this meant, for example, email and FTP programs, which were not considered eligible for the Note 4 exemption. You have to assume that is now captured by a.2, which talks not just about networking but also about “digital communication.”

That leaves subsection b on Note 4, which, frankly, never seemed to apply to much of anything. That now becomes a.4:

Items, not specified in paragraphs 5A002.a.1 to a.3, where the ‘cryptography for data confidentiality’ having ‘in excess of 56
bits of symmetric key length, or equivalent’ meets all of the following:
a.4.a. It supports a non-primary function of the item; and
a.4.b. It is performed by incorporated equipment or ‘‘software’’ that would, as a standalone item, be specified by ECCNs 5A002, 5A003, 5A004, 5B002 or 5D002.

Because it’s not clear what exactly such an item would be, the amendment adds a not very helpful note, in the theme of creating “positive text,” to the new 5A002 to give examples of some items that are not 5A002.a.4. Here’s one:

An automobile where the only ‘cryptography for data confidentiality’ ‘in excess of 56 bits of symmetric key length, or equivalent’ is performed by a Category 5—Part 2 Note 3 eligible mobile telephone that is built into the car. In this case, secure phone communications support a non-primary function of the automobile but the mobile telephone (equipment), as a standalone item, is not controlled by ECCN 5A002 because it is excluded by the Cryptography Note (Note 3)

Okay, I’m going to say it: what century do the plenary delegates live in? Did they all travel in a time machine from 1980 to Wassenaar? Mobile phones built into cars?

So while we’re engaged in time travel, here’s an example of something that would be caught by 5A002.a.4: Maxwell Smart’s shoe phone. Of course, I’m assuming that like any good phone it incorporates non-standard cryptography. The principal purpose of the shoe is, of course, walking and the cryptography supports its non-primary function of talking. So there.

Permalink Comments (6)

Bookmark and Share


Copyright © 2017 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)

Jul

13

You Had Just One Job: BIS Spokesman Dodges Qatar Boycott Question


Posted by at 8:34 am on July 13, 2017
Category: Anti-BoycottBIS

Port of Fujairah by Port of Fujairah via http://fujairahport.ae/wp-content/gallery/gallery/picture-521.jpg [Fair Use]
ABOVE:Port of Fujairah

Eugene Cotilli is the Media/Congressional Liason at the Department of Commerce and is the listed contact for inquiries relating to the Bureau of Industry and Security (“BIS”). Josh Lederman of the Associated Press contacted him to ask him whether the boycott against Qatar by Saudi Arabia, Bahrain, Egypt and the U.A.E. is an unsanctioned foreign boycott for purposes of the BIS anti-boycott rules that prohibit U.S. companies from complying with unsanctioned foreign boycotts. This blog has previously discussed this issue in this post.

This is a perfectly legitimate question. It is an important question because if the rules do apply and a U.S. company accepts a purchase order with an impermissible boycott clause, it is subject to a fine of $284,582 or twice the value of the transaction, whichever is greater. If the order with the impermissible clause is for $1 million worth of goods, the company accepting that order is liable for a civil penalty of $2 million dollars.

So, given the serious consequences of such a violation, Mr. Cotilli certainly provided useful guidance on this simple question, right? Here is his response: no comment. Right, he declined to answer Lederer’s simple and legitimate question. He didn’t even say,  “I’ll find out and get back to you.”

Part of the purpose of this post is to shame bad government. But there’s another purpose as well. It’s to encourage you to download and save a copy of Josh Lederman’s article and put it in your files. Although the safe play with respect to the Qatar boycott is to treat it as an unsanctioned foreign boycott, as my previous post thought was the case, you might still get caught up in a violation because BIS’s antiboycott rules are ridiculously complex, profoundly unclear and preposterously confusing. You could, even with the best of intentions, run afoul of them because of some clause buried in a letter of credit. Cotilli’s refusal to answer a simple and direct question as to whether the Qatar boycott is covered by these rules may turn out to be your best defense.

You’re welcome.

Permalink Comments (1)

Bookmark and Share


Copyright © 2017 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)