Archive for the ‘BIS’ Category


Oct

29

Free Food and Drink


Posted by at 11:56 pm on October 29, 2015
Category: BIS

Update 2015

If you are attending BIS Update 2015 and would like to get together for some free food and drink, please drop me an email at clif.burns@bryancave.com. I have some invitations for a reception being held at Bryan Cave on the evening of November 3 which I can send to you. I’ll be there but, more importantly, so will be things to eat and drink.

Permalink Comments (1)

Bookmark and Share


Copyright © 2015 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)

Oct

19

Beijing’s Review of U.S. Software Risks Export Woes for Those Who Allow It


Posted by at 10:43 pm on October 19, 2015
Category: BISChinaEncryption

140515-D-VO565-003 by Chief of Joint Chiefs of Staff via Flickr https://flic.kr/p/nkMLsf [Public Domain - Work of U.S. Government]

An article that appeared last Friday in the Wall Street Journal suggests that at least one U.S. company is providing the Chinese government with access to proprietary U.S. source code as a condition for access to the Chinese market. What could possibly go wrong with that??

Just as a burglar, who normally suspects everyone else of having his own larcenous motives, puts extra bars on his own doors and windows, the Chinese seem to be worried that U.S. software might have backdoors that allow the U.S. to hack into Chinese systems. Imagine that.

IBM has begun allowing officials from China’s Ministry of Industry and Information Technology to examine proprietary source code—the secret sauce behind its software—in a controlled space without the ability to remove it from the room, the people said. It wasn’t clear which products IBM was allowing reviews of or how much time ministry officials can spend looking at the code. The people said the practice was new and implemented recently.

The Wall Street Journal suggests that this access, which is designed to quell Chinese fears that the U.S. will do unto China what China has done unto the U.S., is largely symbolic because the Chinese are not being given sufficient time to comb through thousands of line of code looking for back doors.

The problem here, however, is that most software programs these days, particularly ones that might have “back door” entry concerns, will have encryption; and the EAR poses special restrictions on exporting certain types of encryption source code to certain government end-users. Encryption source code that is classified as ECCN 5D002 (i.e., is not mass market) and is not publicly available is classified under section 740.17(b)(2)(i)(B) of license exception ENC. Under paragraphs (1) and (2) of the Note to 740.17(b)(2), such encryption source code can, after a classification request, be immediately exported under license exception ENC to any end-user (including a government end-user) in a Supplement 3 country and to non-government end-users in countries, such as China, which are not a Supplement 3 country. However, exports of 5D002 encryption source code that is not publicly available, i.e., that is not available by download or otherwise to members of the public, can only be exported to a government end-user outside Supplement 3, such as the Chinese government, with a license from the Bureau of Industry and Security.  (A very good chart explaining the baroque complexities of  license exception ENC  can be found here.)

Now, here’s the catch. Most encryption algorithms are publicly available, but the code used by specific software to implement that algorithm is not. Indeed, if that code were publicly available, the Chinese wouldn’t need to review it, and the reviewing company would not insist that the code be examined in a “controlled space.” Indeed, you have to imagine that it is precisely the non-public code implementing the public algorithm which would be of most interest to Chinese reviewers concerned about U.S. software having back doors for Uncle Sam to come snooping.

Let me be clear: I’m not saying that IBM has broken any laws here. We don’t know whether the software being examined is 5D002 software or, if it is, that IBM hasn’t applied for and received a license. Rather my point is this: companies that consider giving source code access to the Chinese should only move ahead with a great deal of caution if the software utilizes encryption.

Permalink Comments Off on Beijing’s Review of U.S. Software Risks Export Woes for Those Who Allow It

Bookmark and Share


Copyright © 2015 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)

Sep

28

Voluntary Disclosure Serves as Chum for Derivative Suit Plaintiffs’ Lawyers


Posted by at 9:50 pm on September 28, 2015
Category: BISIran SanctionsOFAC

Shark by Jeff Kubina [CC-BY-SA-2.0 (http://creativecommons.org/licenses/by-sa/2.0)], via Flickr https://flic.kr/p/cCRFX [cropped]

An unfortunate issue for publicly traded companies that file voluntary disclosures is what seems to be an increasing trend: plaintiffs’ lawyers specializing in derivative shareholder suits circling the company looking for a kill. This seems to be particularly true if there is a whiff of Iran in the voluntary disclosure, something that attracts plaintiffs’ lawyers like buckets of chum in the water, the lawyers well knowing that once they can ominously whisper Iran in front of jury, their contingent fee award and that new Ferrari are a done deal.

Here’s a particularly instructive example of a plaintiffs’ firm called Harwood Feffer LLP trolling for plaintiffs in a press release on PR Newswire on the heels of a company’s voluntary disclosure to OFAC and BIS:

Harwood Feffer LLP … is investigating potential claims against the board of directors of VASCO Data Security International, Inc. … concerning whether the board has breached its fiduciary duties to shareholders.

On July 21, 2015, VASCO disclosed that certain of its products may have been illegally sold to parties in Iran subject to economic sanctions. The Company has notified the U.S. Department of the Treasury, Office of Foreign Assets Control and the U.S. Department of Commerce, Bureau of Industry and Security and will report to them the full extent of the violations once an internal review has been completed.

If you own VASCO shares and wish to discuss this matter with us, or have any questions concerning your rights and interests with regard to this matter, please contact [us].

Oh dear. That sounds grim. The company’s products sold “to parties in Iran subject to economic sanctions.” Somebody better get out their checkbooks so that Mr. Harwood and Mr. Feffer can make the down payment on that Ferrari. (Nevermind, of course, the misunderstanding of U.S. sanctions evinced by “sold to parties in Iran subject to economic sanctions” . . . as if there were parties in Iran not subject to sanctions.)

But, of course, this frightening scenario cooked up by Harwood Feffer loses most, if not all, of its steam when you look at the SEC filing that prompted the Harwood Feffer “investigation.”

VASCO regularly sells products through third party distributors, resellers and integrators (collectively “Resellers”). VASCO’s standard terms and conditions of sale and template agreements that are in general use prohibit sales and exports of any VASCO products contrary to applicable laws and regulations, including United States export control and economic sanctions laws and regulations. VASCO, however, does not always have visibility over its Reseller’s ultimate customers.

VASCO management has recently become aware that certain of its products which were sold by a VASCO European subsidiary to a third-party distributor may have been resold by the distributor to parties in Iran … .

The Audit Committee of the Company’s Board of Direc.tors has initiated an internal investigation to review this matter with the assistance of outside counsel. VASCO has stopped all shipments to such distributor pending the outcome of the investigation which will include a review and recommendations to improve, if necessary, VASCO’s applicable compliance procedures regarding these matters. As a precautionary matter, concurrent initial notices of voluntary disclosure were submitted on June 25, 2015 with each of the U.S. Department of the Treasury, Office of Foreign Assets Control (“OFAC”), and the U.S. Department of Commerce, Bureau of Industry and Security (“BIS”). The Company will file a further report with each of OFAC and BIS after completing its review and fully intends to cooperate with both agencies.

Regular readers of this blog will, no doubt, find risible claims that the actions by VASCO management described above are a breach of fiduciary duty. The products were not sold by VASCO but by a distributor under a contractual obligation not to resell the products to Iran. VASCO, once it learned of the sales, halted all sales to the distributor, commenced an internal investigation, and filed precautionary initial notifications with BIS and OFAC. In other words, they followed what appear to have been best practices in such a situation. And now, they have to deal with the likes of Messrs. Harwood and Feffer.

There are two lessons here. First, the potential discovery requests from plaintiff’s lawyers in search of contingent fee awards mean that companies must be particularly careful to assure that the internal investigation is covered, to the extent possible, by attorney-client privilege. Second, I think publicly traded companies will begin to re-evaluate filing precautionary initial notices of voluntary disclosure with respect to sales made, without the company’s knowledge or consent, to embargoed countries. Rather, I think we’ll see companies decide to conduct a robust internal investigation and then file an initial notification only if that investigation turns up evidence that the company or its employees knew of, or consented to, the sales in question.

Permalink Comments Off on Voluntary Disclosure Serves as Chum for Derivative Suit Plaintiffs’ Lawyers

Bookmark and Share


Copyright © 2015 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)

Sep

22

New Cuba Rules Admit the Embargo Threatened the Safety of Civil Aviation


Posted by at 8:54 pm on September 22, 2015
Category: BISCuba SanctionsOFAC

A Cubana Ilyushin Il-96-300 at Domodedovo International Airport by Dmitriy Pichugin [GNU Free Documentation License, Version 1.2 ], via https://commons.wikimedia.org/wiki/File:Cubana_Il-96-300_CU-T1254_DME_Feb_2009.png [cropped]

This blog has noted before that comprehensive embargoes by the United States that cover civil aircraft parts flaunt the Convention on International Civil Aviation to which the United States is a party inasmuch as they endanger the lives of people in the air and on the ground in countries not subject to the embargo.  The new Cuba rules proposed by the Bureau of Industry and Security (found here) and by the Office of Foreign Assets Control (found here) begin to correct this problem, at least as far as the Cuba embargo and BIS are concerned.

Articles 4 and 44 of the Convention make clear that member states are not to compromise the safety of civil aviation  as an instrument of national policy against other countries or to take actions in pursuing national goals that would endanger civil aviation in other member states. Use of an embargo to withhold essential parts for civilian aircraft clearly conflicts with these principles and with the United States’ obligation under the Convention.

The proposed amendments forthrightly admit that the U.S. embargo endangers civil aviation by now adding section 746.2(b)(6) which, as now amended, states:

License applications for exports or re-exports of items to ensure safety in civil aviation, including the safe operation of commercial passenger aircraft will be considered on a case-by-case basis.

Not only does this admit that the embargo had a deleterious effect on flight safety, but it leaves open the possibility that the U.S. could continue to endanger flight safety on a “case-by-case basis.” One has to wonder why there would ever be a question with respect to “items to ensure safety in civil aviation.”

Of course, OFAC is up to its neck as well in this problem, because it also regulates exports and re-exports to Cuba. The general license in section 515.533* for exports of items licensed by BIS only covers items exported from the United States or items re-exported from the United States with 100% U.S. content. In the case of items with less than 100% U.S. content re-exported from outside the U.S., an OFAC license will be required (which will be in addition to a BIS license if the item is subject to the EAR, i.e., has 25% or more U.S. content.)

The new OFAC rules, however, do not contain an explicit statement of the licensing policy for Cuba. And unlike the case with Iran, where OFAC published a licensing policy for exports “to ensure the safe operation of Iranian commercial passenger aircraft,” there is no such published policy with respect to Cuban commercial passenger aircraft, although OFAC may informally be applying that policy. So, at least with respect to re-exports of goods with less than 100% U.S. content, OFAC appears to be free to continue to violate the Convention to the detriment of international civil aviation, although whether it will do so remains to be seen.


*Because the Internet is hard, OFAC has, apparently by mistake, removed the complete text of the Cuba regulations from its site and now links instead only the text of the public notice announcing the new amendments.

Permalink Comments (1)

Bookmark and Share


Copyright © 2015 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)

Sep

18

Friday Grab Bag


Posted by at 5:32 pm on September 18, 2015
Category: BISCuba SanctionsOFAC

Grab BagHere are a few recent developments that you may have missed:

  • Adam Szubin, former OFAC head, threatens to re-impose sanctions on Iranian banks in confirmation hearings on his nomination as Treasury Department Under Secretary for Terrorism and Financial Intelligence.
  • DC  tabloid Washington Examiner suggests that BIS is about to realize more rules lifting parts of the Cuba embargo; quotes DC attorney and embargo cheerleader who predicts end of the world as we know it if that happens. UPDATE: New BIS regulations are here and new OFAC regulations are here. They will be effective when published on Monday (9/21/2015). World to end on following day.
  • Sony’s deal to distribute Cuban music is premised, naturally, on the informational materials exception, and has been in the works for two years with OFAC granting travel licenses for Sony executives to go to Cuba to negotiate the deal.
  • Foreign Policy magazine’s blog is all worked up about military applications of mind-reading machines and possible proliferation of this “dual use” technology. Next week, the folks at Foreign Policy blog are going to urge that warp speed space ships be added to the USML.
Permalink Comments Off on Friday Grab Bag

Bookmark and Share


Copyright © 2015 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)