Archive for the ‘BIS’ Category


Nov

4

Sometimes Once Doesn’t Mean Once


Posted by at 9:20 am on November 4, 2016
Category: BISEncryption

Blue Hour Capitol Building
My dog Maisie shamelessly plugging the historic Cubs victory in the 2016 World Series

This blog previously reported on the recent changes to the encryption rules.   One less-than-carefully drafted provision in those amendments has been causing some confusion relating to the annual self-classification reports

The issue is whether an item once listed on a self-classification report needs to be relisted on subsequent reports.  Before the recent amendments, products needed to be relisted on subsequent reports for each year in which they were exported during the time frame covered by the classification report.

The new rules say this:

Your encryption self-classification report must include the information described in paragraph (a) of Supplement No. 8 to part 742 for each applicable encryption commodity, software and component made eligible for export or reexport under § 740.17(b)(1) of the EAR. Each product must be included in a report only one time. However, if no new products are made eligible for export or reexport during a calendar year, you must send an email to the addresses listed in paragraph (e)(3)(ii)(A) of this section stating that nothing has changed since the previous report.

At least one law firm has, with some justification, read the language saying that a product must be “included in a report only one time” to mean that items need not be included in subsequent annual reports unless, presumably, the encryption functionality of the item has changed.

At the BIS Update 2016, BIS officials made clear that they do not think that the language means what it appears to say. Instead, they asserted, items needed to be included on subsequent annual self-classification report even if encryption funtionality of the item has not changed since the last report. Apparently the language is thought by the agency to mean that you only have to list an item once on the same report, although why anyone ever thought that they would have to list any product more than once on the same report is puzzling.

No one from the agency, however, at least that I heard, could explain what “becomes eligible for export” means. The reporting requirement in the previous version was for items “exported or reexported pursuant to an encryption registration.” Unfortunately this new language requiring the listing in the report of every encryption item “eligible for export” during the reporting period would appear to apply to every encryption item that the company filing the report might have been able to export during the reporting period.  This would be the case whether or not it was actually exported. The safest course, then, for upcoming self-classification reports is to include every item with encryption functionality that was available for sale during the reporting period.

Note: My apologies for the picture of my dog wearing a Cubs hat.  However, there’s this:  (a) the Cubs victory justifies all actions by longtime Cubs fans that are not otherwise illegal, immoral or rude and (b) a dog picture is the only possible way to make a post about BIS’s encryption rules even vaguely interesting.

Photo Credit: Go Cubs Go! by Clif Burns, via www.clifburns.net. Copyright 2016 Clif Burns

Permalink Comments Off on Sometimes Once Doesn’t Mean Once

Bookmark and Share


Copyright © 2016 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)

Oct

27

The Kremlin’s Janitor: New Sanctions on Russia Pose Dilemma for U.S.


Posted by at 10:35 pm on October 27, 2016
Category: BISOFACRussia Sanctions

Kremlin.ru [CC-BY-3.0 (http://creativecommons.org/licenses/by/3.0)], via Wikimedia Commonshttp://commons.wikimedia.org/wiki/File%3AVladimir_Putin_at_the_Millennium_Summit_6-8_September_2000-19.jpgAs the U.S. considers more sanctions on Russia, given its cybershenanigans and its involvement in Syria on behalf of Bashar al-Assad, it is running into some unexpected difficulties. The quote of the week, from this article, explains part of the issue:

“While the president has full sanction authority, there’s nobody left to sanction in Russia besides the janitor in the Kremlin,” said Michael Kofman, a global fellow at the Wilson Center’s Kennan Institute in Washington. “In terms of expanding any kind of commercial or financial sanctions, we’re basically maxed out.”

While that is probably an exaggeration, it is not far from the truth. What that means is that individually targeted sanctions are becoming less effective, forcing a consideration of sector-based sanctions, which lead to their own problems in terms of collateral consequences. For example, the sanctions on Rosboronexport had to be revised because it prevented Afghanistan from getting parts for the Mi-17 helicopters that it uses.

Other possible sanctions would impact our allies as well as Putin and his cronies. Options such as preventing U.S. bank from buying ruble-based bonds, cutting off Russia from the SWIFT transfer system, or an embargo on energy exports, would each hurt Europe as much as Russia. Europe gets almost of one-third of energy from Russia.

This illustrates the problem of economic sanctions in a global economy. It’s one thing to whack an economically isolated country. You could cut Granada off from the world economy and the biggest impact would be that your holiday eggnog would have to go nutmeg-less. But for developed or developing economies that are largely integrated into the world economy, economic sanctions will have undesired and unintended effects.

Permalink Comments Off on The Kremlin’s Janitor: New Sanctions on Russia Pose Dilemma for U.S.

Bookmark and Share


Copyright © 2016 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)

Oct

14

North Pole Praises Today’s OFAC Actions


Posted by at 4:27 pm on October 14, 2016
Category: BISCuba SanctionsOFAC

Santa Flanked by F-16

The following just arrived in my email:

FOR IMMEDIATE RELEASE
MEDIA CONTACT: Elf E. McElfface, eemcelfface@gmail.com or (951) 262-3062

Santa’s Village, North Pole – Santa Claus today, on behalf of himself, Mrs. Claus and the 40,000 elfployees of the Santa Foundation, expressed his gratitude to the Office of Foreign Assets Control for its timely revision of its rules to grant Santa clear authority this year to visit children both in the United States and Cuba. For years, Santa’s efforts to bring holiday cheer to children of both countries has been thwarted by section 515.207 of the Cuba regulations which would prohibit Santa’s sleigh from landing in the United States while toys for Cuban children remained in the sleigh or in landing in the United States if those toys had been delivered to Cuban children first.

Today’s action waives these restrictions if Santa’s sleigh only carries items that would, if they were subject to the EAR, be EAR99 or controlled only for AT reasons. This ends the long struggle over whether teddy bears and other toys — which are not food, medicine, or personal communications devices — could only be delivered to Cuban children in wrapped parcels with the child’s name and address written on the outside and with the statement “GIFT—Export License Not Required” also marked on the parcel package. Notwithstanding the diligence and timely efforts of Santa’s elfployees, compliance with these requirements for each non-naughty child in Cuba has heretofore been impossible.

News of the OFAC announcement led to loud cheers and applause throughout Santa’s Village. Elf E. McElfface, Santa’s spokeself, wiped a tear of joy from his eye as he said to the elves in one of Santa’s workshops that he never believed that this would occur in his lifetime, which was saying a lot given that the average life expectancy of an elf on the North Pole is currently just over 500 years.

As Christmas approaches, Santa said that he was looking forward to this year’s delivery of toys and goodies to the nice children throughout the world more than ever before and reminded children everywhere, both in Cuba and the United States, that they could call his hotline at +1 (951) 262-3062 to leave their Christmas wishes and toy requests.

This press release may include predictions, estimates or other information that might be considered forward-looking. While these forward-looking statements represent the Santa Foundation’s current judgment on what the future holds, they are subject to risks and uncertainties that could cause actual results to differ materially. You are cautioned not to place undue reliance on these forward-looking statements, which reflect our opinions only as of the date of this press release. Please keep in mind that we are not obligating ourselves to revise or publicly release the results of any revision to these forward-looking statements in light of new information or future events.

Permalink Comments (3)

Bookmark and Share


Copyright © 2016 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)

Oct

12

DOJ to Exporters: Confession Is Good for the Soul


Posted by at 9:40 pm on October 12, 2016
Category: BISCriminal PenaltiesDDTCOFACVoluntary Disclosures

Department of Justice by Ryan J. Reilly [CC-BY-SA-2.0 (http://creativecommons.org/licenses/by-sa/2.0)], via Flickr https://flic.kr/p/76Kjf9 [cropped]Apparently the National Security Division at DOJ had a bunch of interns this summer with nothing to do, because this is the only conceivable explanation for the mostly risible “Guidance Regarding Voluntary Disclosures” which the NSD released on October 2. To set the tone for a further discussion of the substance of this Guidance, let’s start with a howler in the Guidance itself. Even if this guidance was written in large part, as it must have been, by eager interns, one would think that a grown-up lawyer would have reviewed this for substance. And, presumably, that grown-up lawyer whose job is to send real people to real jails would understand the laws that he or she is enforcing, right? So how do you explain this statement in the Guidance?

U.S. sanctions regimes and the Department of Commerce’s Export Administration Regulations are currently enforced through IEEPA.

Apparently, no one in the NSD has ever heard of the Trading with the Enemies Act which, as most of this blog’s faithful readers will know, is the statutory basis for the Cuba sanctions and their enforcement.  This is pretty embarrassing mistake about pretty elementary facts.

The thrust of the Guidance is an interagency power grab by which DOJ wants to take away the first responsibility for review of voluntary disclosures from OFAC, DDTC and BIS. The guidance states that voluntary disclosures should be made to the Counterintelligence and Export Section of NSD when the exporter learns that a violation “may have been willful.” Specifically, the Guidance says:

Ordinarily, when an organization voluntarily self-discloses violations of U.S. export controls and sanctions, it presents its VSD to the appropriate regulatory agency under the procedures set forth in the agency’s regulations. … It is not the purpose of this Guidance to alter that practice. However, as discussed further below, when an organization, including its counsel, becomes aware that the violations may have been willful, it should within a reasonably prompt time also submit a VSD to CES.

Actually the purpose is precisely to alter that practice. Remember that the criminal violations involved are violations of the agency regulations themselves. That gives the relevant agencies, and not the DOJ, the principal expertise in determining if a violation has occurred and if it was willful.

The practice until now has been to disclose violations to the relevant agency or agencies with the understanding that the agencies could, if warranted, refer the matter to the DOJ. Once the referral was made,  the prior agency disclosure and continued cooperation with the DOJ investigation would be the basis for credit by the DOJ. No longer. A separate disclosure to DOJ must be made without regard to an agency referral and, if not, the agency disclosure becomes irrelevant to the exercise of prosecutorial discretion if a subsequent referral occurs.

One of the hypotheticals discussed in the Guidance provides ample reason as to why DOJ, which clearly does not understand many of the basics of export control law, should not be usurping the primary role of OFAC, BIS, and DDTC, in export enforcement. In that hypothetical a foreign subsidiary of a U.S. corporation exports U.S. origin items in violation of BIS regulations. Without any suggestion of U.S. participation, the Guidance suggests that the parent would be offered an NPA by DOJ premised on payment of a criminal fine.

However, BIS rules, which have to be the basis of any prosecution in such a case, do not support a theory of vicarious liability by parent corporations. If the parent company did not export the items it could only be held liable, under section 764.2, for causing, aiding or abetting the export. That’s why in the recent Alcon Laboratories case, BIS held the U.S. parent liable for its exports to Iran but not for the exports of its Swiss subsidiary; those exports served only as a basis for a penalty against the Swiss subsidiary.

One last knee-slapper from the Guidance deserves mention. In another hypothetical, the Guidance says this:

Alert customs officers notice a bulky package within a container on a ship at a U.S. port bound to leave on a lengthy voyage overseas. The package contains ITAR-controlled commodities …

Because, you see, all bulky packages are suspicious and probably contain export controlled items. Just remember that when you send a birthday present to your aunt in Slovenia — make sure its just a small package in order to avoid scrutiny by CBP on the way out.

Photo Credit: Department of Justice by Ryan J. Reilly [CC-BY-SA-2.0 (http://creativecommons.org/licenses/by-sa/2.0)], via Flickr https://flic.kr/p/76Kjf9 [cropped]. Copyright 2009 Ryan J. Reilly

Permalink Comments (1)

Bookmark and Share


Copyright © 2016 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)

Sep

22

Don’t Forget Croatia


Posted by at 7:43 am on September 22, 2016
Category: BISEncryption

Sea view. Rovinj, Croatia by Andrey[CC-BY-SA-2.0 (http://creativecommons.org/licenses/by-sa/2.0)], via Flickr https://flic.kr/p/5oVXCk [cropped and processed]

Yesterday, the Bureau of Industry and Security (“BIS”) announced various amendments to the encryption rules. I realize that the encryption rules are a sprawling mess, scattered through various sections of the EAR and written in an incomprehensible jargon that sounds like they were translated into English from a Vulcan paraphrase of the original Sanskrit. I also realize that your eyes understandably glazed over when you saw the word “encryption.” So I’ll try to make this as painless and entertaining as possible.

Let’s start with the really big news. Croatia has been added to the list of Supplement 3 Countries! Woohoo! For those of you aren’t really excited about this, that is probably because you forgot that if you are not a Supp. 3 country, there is a 30 day waiting period after a review request has been filed before encryption items described in 740.17(b)(2) and (b)(3) such as source code and high-performance network equipment can be exported to that country. And if those items were going to government end users in  country not on the Supp. 3 list, a license was required. So, today was declared a national holiday in Croatia and papier-mâché effigies of key BIS officials were draped with garlands and paraded through town squares across the country.

While we’re on the subject of government end users, the amendments create a new kind of government end user — “less sensitive government end users.” These are government agencies that are the toughest of their kind and at which you can hurl the most frightening insults — say, “you cabal of pointy-headed bureaucrats!” — without hurting their feelings. No, I’m just kidding with you. “Less sensitive government end users” are government agencies that are less likely to use encryption for evil purposes, like museums, water treatment plants and census bureaus.

The reason for identifying “less sensitive government end users” is that high performance network infrastructure equipment used to require a license to go to any government on the Naughty List (i.e., not on the Supp. 3 Nice list). Now these items can be exported 30-days after a review request is filed provided that it’s a less sensitive government end user.

The best news I’ve saved for last.  No more encryption registration numbers!  For the 50 or so companies out there who still don’t have an ERN, you’re off the hook.  Annual self-classification reports will still have to be filed; and the new format for the report, which is detailed in an amended Supplement 8 to Part 742, incorporates some of the information that used to be required by the ERN application.

For a summary of the remaining changes, including a long-needed update of the performance parameters for high performance network infrastructure equipment subject to higher encryption controls, you can read this excellent summary, which is mostly clear and more or less written in English, helpfully provided by the nice people at BIS.

Photo Credit: Sea view. Rovinj, Croatia by Andrey [CC-BY-SA-2.0 (http://creativecommons.org/licenses/by-sa/2.0)], via Flickr https://flic.kr/p/5oVXCk [cropped and processed]. Copyright 2008 Andrey

 

Permalink Comments (3)

Bookmark and Share


Copyright © 2016 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)