Archive for the ‘BIS’ Category


Jan

20

No Cigar for You!


Posted by at 10:13 pm on January 20, 2015
Category: BISCuba SanctionsOFAC

Cuba Capitole by y.becart(Own work) [CC-BY-SA-2.0 (http://creativecommons.org/licenses/by-sa/2.0)], via Flickr https://www.flickr.com/photos/yoh_59/13697566663The recent revisions to the U.S. sanctions on Cuba has generated a great deal of press coverage and, not surprisingly, more enthusiasm than accuracy. Here are a few bloopers I’ve seen recently.

The NBC outlet in Miami announced that the new regulations, released on January 15, would permit “South Florida cigar shops [to] soon be able to carry cigars from Cuba.” The only delay would be the time it will take those shops to “stock up” on the cigars. Nope. The amended section 515.560(c)(3) can bring back these products “for personal use only.”

It comes as less of a shock that the online news outlet Havana Times would say this:

The only thing you have to do to go to Cuba is book your travel. No government forms, no permissions, no licences. Just go.

Nope, again. U.S. travelers have to qualify for one of the twelve general licenses set out in 515.560. The only change is that you don’t need to wait for a specific license from OFAC. But you can’t get on a plane to go sip mojitos on the beach since, at least at the moment, there is no general license for drinking or sunbathing.

It comes as more of a shock, that the Huffington Post would suggest that Americans should get on a plane to “soak up some sun at Tropicoco Beach.” To give HuffPost some benefit of the doubt, let’s suppose they meant taking time off from an activity eligible for a general license to spend a little beach time. Whether you can or not, depends on what is meant by a “full-time schedule” since these general licenses normally require a “full-time schedule” devoted to the eligible activity. In the past, OFAC has said that missionaries that took a few hours off to visit a beach violated this requirement.

The situation may be a little more favorable for journalists than missionaries because the amended regulations say that the journalist’s activities schedule of activities” cannot include “recreation in excess of that consistent with a full-time schedule.” The same language does not appear in the general license for missionaries or in the other general licenses.

And I’ve saved the best for last. A columnist for the Charlotte Observer, for reasons that are not entirely clear, wants to export Bruce Jenner to Cuba. Of course former U.S. Olympic athletes whose appearance offends a columnist in Charlotte is not among the category of items authorized for export to Cuba under the new BIS regulations. Besides, if we’re going to start shipping off celebrities to Cuba, my vote goes for sending Justin Bieber.

Permalink Comments (3)

Bookmark and Share



Jan

13

Iconic New York Camera Store Agrees to Hefty Export Fine


Posted by at 6:35 pm on January 13, 2015
Category: BIS

B&H Superstore on 9th Avenue via B&H Instagram account http://instagram.com/p/xe7viqg8ct/ [Fair Use]Some of you may know that, when I have spare time, I like to spend it behind the lens of a camera, so I was a bit dispirited to see a recent enforcement action by the Bureau of Industry and Security (“BIS”) against the iconic New York City photography retailer B&H Photo. I have been a loyal Internet customer of B&H pretty much since the beginning of the Internet, and no trip to NYC by me is complete without stopping by their store to drool over expensive photographic gear that I usually cannot justify buying. Sadly, and according to these charging documents, B&H agreed to pay $275,000 to settle charges that it exported $23,000 of rifle scopes and sighting equipment, classified as ECCN 0A987, between 2009 and 2012.

Given the value of the rifle scopes and sights in question, the $275,000 fine seems rather hefty. BIS no longer routinely reveals whether cases started with a voluntary disclosure, largely, I think, to deflect criticism that the agency treats exporters who make voluntary disclosures more harshly than is warranted, so we do not know whether or not the presence or absence of a voluntary disclosure affected the size of this fine. One possibility, of course, is that the exports came to BIS’s attention through a customs seizure; it was likely that B&H accurately described the exported items as rifle scopes or optical sighting devices and, sooner or later, some customs officer at the Port of New York would have taken action since even a CBP rookie would know that these items require export licenses to most destinations. Even so, it seems likely that it was an innocent violation; a camera retail store in New York City was unlikely to have been aware that these items required licenses.

In all events, B&H has certainly found religion on this issue. A trip to their website revealed that if I tried to buy a rifle scope and entered an address in Afghanistan, the site politely informed me that government restrictions would not permit them to ship that item to that destination. In all events, it was an expensive lesson, and I, for one, hope that it will not force them to raise their prices!

Permalink Comments (1)

Bookmark and Share



Jan

7

Behind Every Cloud Is Another Cloud


Posted by at 10:51 pm on January 7, 2015
Category: BISCloud ComputingEncryption

Lonely Cloud by Kate Haskell https://www.flickr.com/photos/fuzzcat/32487111/ CC BY 2.0 [https://creativecommons.org/licenses/by/2.0/] (cropped)Breaking News: the Commerce Department has finally figured out how the Internet works. Or, perhaps more accurately, the Commerce Department has figured out that clouds aren’t just fluffy things that float in the sky from time to time.

Readers of this blog will know that I have been arguing for quite some time that the export agencies, including the Commerce and State Departments, need to revisit their absurd position that exports of encrypted technical data are the same thing as export of the technical data in plain text. If a company puts encrypted controlled technical data or technology on a foreign cloud server, then, under current rules and policies, the company will have exported that technical data or technology and will have violated the law if a license was required to export that information to that country.

According to this report (subscription required), BIS Assistant Secretary for Export Administration Kevin Wolf has revealed that this is being rethought

Among the terms to be defined is what constitutes an “export,” and one element of that definition will be that controlled information encrypted “in a certain way” will not constitute an export for purposes of cloud computing, while the unencrypted version would be, Wolf said.

That was the good news. Now for the bad news: according to Wolf, the various stakeholder agencies have not yet been able to agree on just what type of encryption will be sufficient to prevent an “export” of the transferred data.

The irony here is that the Department of Defense itself did not engage in any hand-wringing over encryption standards when it plopped its own, and presumably highly sensitive, communications on Chinese satellite transponders, rebuffing critics by noting simply that everything was encrypted. But — to end on a positive note — Assistant Secretary Wolf, who has been one of the driving forces behind export control reform, clearly understands this issue and I am sure he will do what he can to end this pointless interagency squabbling over the comparative merits and demerits of Blowfish, Triple DES and AES-256.

Permalink Comments Off

Bookmark and Share



Dec

10

Expressio Unius Est Exclusio Alterius: E Pluribus (License Conditions) Unum


Posted by at 9:33 pm on December 10, 2014
Category: BIS

By Daderot (Own work) [CC0], via Wikimedia Commons http://commons.wikimedia.org/wiki/File%3APatent_quote_-_United_States_Department_of_Commerce_-_DSC05103.JPGThe Bureau of Industry and Security has announced that, starting on December 8, a new license condition will appear on all validated licenses. That condition reads as follows:

Unless limited by a condition set forth below, the export, reexport or transfer (in-country) authorized by this license is for the item(s), end-use(s), and parties described in the license application and any letters of explanation. The applicant is responsible for informing the other parties identified on the license, such as ultimate consignees and end-users, of the license’s scope and of the specific conditions applicable to them. BIS has granted this license in reliance on representations the applicant made in the license application, letters of explanation, and other documents submitted.

The laudable purpose here is to get rid of the silly license conditions that simply reiterate existing requirements of the Export Administration Regulations, such as Part 744′s prohibition on nuclear end uses. BIS is concerned about possibility that the existence of, say, the no nuclear use condition will give someone the idea that it is okay to allow the exported item to be used in the production of chemical weapons in violation of section 744.4 of the EAR. Expressio unius and all that.

But I wonder, and the BIS announcement does not say, whether the language quoted above will replace the following condition that is included, in one form or another, on all licenses:

No resale, transfer, or reexport of the items listed on this license is authorized without prior authorization by the U.S. Government.

The issue here is an odd lacuna in the EAR. If you look through the General Prohibitions, there is no explicit prohibition against in-country transfers of items exported under license. The prohibitions on certain exports and re-exports do not, by definition, reach in-country transfers. Rather the General Prohibitions only address in-country transfers in connection with denial orders (General Prohibition 4) and illegally exported items (General Prohibition 10). Instead, the way that in-country transfers are prohibited is through General Prohibition 9, which prohibits violation of any license condition, such as the one quoted above, which makes clear that no in-country transfer can occur with U.S. Government approval.

The new license condition is worded in such a way that it seems possible that it will replace the standard condition prohibiting resale, transfer or re-export without government approval. But if it does, BIS will have unintentionally opened the door to unlicensed in-country transfer of items exported under license.

Permalink Comments Off

Bookmark and Share



Dec

4

Some Clouds Do Have Silver Linings (or Not)


Posted by at 9:15 pm on December 4, 2014
Category: BIS

Lonely Cloud by Kate Haskell https://www.flickr.com/photos/fuzzcat/32487111/ CC BY 2.0 [https://creativecommons.org/licenses/by/2.0/] (cropped)In an advisory opinion dated November 13, 2014, the Bureau of Industry and Security (“BIS”) rode once again into the cloud computing breach to confront the tricky metaphysical question of when software that lives in the cloud is exported.  At issue is this: when a foreign user accesses a U.S. server running a software application, say Adobe Photoshop, has the software for the application been exported to the  foreign user? In such a scenario, the foreign user will be using the software in exactly the same fashion as if it had been download and installed on his local hard drive, with the only difference being a slight lag if his Internet connection is poor.

The BIS advisory opinion takes what might be called, in philosophical terms, a positivist approach to this question:

Instead of downloading the software and processing data locally the foreign user of a U.S. server sends its data to the cloud for processing, and causes its processed data to be transmitted back to it. Although there may be export of technology in this context, there is no export of software.

So the silver lining here, for cloud companies, is this literalist view of software exports. Software is exported when a physical disk with the software or an electrical impulse representing the code crosses a border. Just because someone uses the software remotely it has not been exported.

Now for the “Or Not” in the headline. Although BIS’s literalist approach to the download of software has a certain appeal, and is likely to be welcomed by cloud providers, there is something that the advisory opinion does not say. And this is where we can see the utter insanity of having export control scattered over competing agencies each trying to establish their own primacy in the export control domain. The advisory opinion says nothing about the rules of the Office of Foreign Assets Control (“OFAC”) which, in more than a few instances, might be implicated by the cloud scenario described above. Suppose the foreign user is in, say, Iran. Although the U.S. cloud provider might not be exporting software to Iran, at least the way BIS sees it, it certainly will be exporting a service to Iran in violation of OFAC rules.

Faithful readers of this blog will likely recognize this issue, but others reading the BIS opinion might conclude that, because there is no export of the software to Iran, it is completely legal to make the program available to Iranians from a U.S. based cloud. Until all export control is moved under the control of one agency, this kind of nonsensical trap will continue to snare innocent people and businesses for no good reason.

Permalink Comments Off

Bookmark and Share