Archive for the ‘BIS’ Category



Iconic New York Camera Store Agrees to Hefty Export Fine

Posted by at 6:35 pm on January 13, 2015
Category: BIS

B&H Superstore on 9th Avenue via B&H Instagram account [Fair Use]Some of you may know that, when I have spare time, I like to spend it behind the lens of a camera, so I was a bit dispirited to see a recent enforcement action by the Bureau of Industry and Security (“BIS”) against the iconic New York City photography retailer B&H Photo. I have been a loyal Internet customer of B&H pretty much since the beginning of the Internet, and no trip to NYC by me is complete without stopping by their store to drool over expensive photographic gear that I usually cannot justify buying. Sadly, and according to these charging documents, B&H agreed to pay $275,000 to settle charges that it exported $23,000 of rifle scopes and sighting equipment, classified as ECCN 0A987, between 2009 and 2012.

Given the value of the rifle scopes and sights in question, the $275,000 fine seems rather hefty. BIS no longer routinely reveals whether cases started with a voluntary disclosure, largely, I think, to deflect criticism that the agency treats exporters who make voluntary disclosures more harshly than is warranted, so we do not know whether or not the presence or absence of a voluntary disclosure affected the size of this fine. One possibility, of course, is that the exports came to BIS’s attention through a customs seizure; it was likely that B&H accurately described the exported items as rifle scopes or optical sighting devices and, sooner or later, some customs officer at the Port of New York would have taken action since even a CBP rookie would know that these items require export licenses to most destinations. Even so, it seems likely that it was an innocent violation; a camera retail store in New York City was unlikely to have been aware that these items required licenses.

In all events, B&H has certainly found religion on this issue. A trip to their website revealed that if I tried to buy a rifle scope and entered an address in Afghanistan, the site politely informed me that government restrictions would not permit them to ship that item to that destination. In all events, it was an expensive lesson, and I, for one, hope that it will not force them to raise their prices!

Permalink Comments (1)

Bookmark and Share



Behind Every Cloud Is Another Cloud

Posted by at 10:51 pm on January 7, 2015
Category: BISCloud ComputingEncryption

Lonely Cloud by Kate Haskell CC BY 2.0 [] (cropped)Breaking News: the Commerce Department has finally figured out how the Internet works. Or, perhaps more accurately, the Commerce Department has figured out that clouds aren’t just fluffy things that float in the sky from time to time.

Readers of this blog will know that I have been arguing for quite some time that the export agencies, including the Commerce and State Departments, need to revisit their absurd position that exports of encrypted technical data are the same thing as export of the technical data in plain text. If a company puts encrypted controlled technical data or technology on a foreign cloud server, then, under current rules and policies, the company will have exported that technical data or technology and will have violated the law if a license was required to export that information to that country.

According to this report (subscription required), BIS Assistant Secretary for Export Administration Kevin Wolf has revealed that this is being rethought

Among the terms to be defined is what constitutes an “export,” and one element of that definition will be that controlled information encrypted “in a certain way” will not constitute an export for purposes of cloud computing, while the unencrypted version would be, Wolf said.

That was the good news. Now for the bad news: according to Wolf, the various stakeholder agencies have not yet been able to agree on just what type of encryption will be sufficient to prevent an “export” of the transferred data.

The irony here is that the Department of Defense itself did not engage in any hand-wringing over encryption standards when it plopped its own, and presumably highly sensitive, communications on Chinese satellite transponders, rebuffing critics by noting simply that everything was encrypted. But — to end on a positive note — Assistant Secretary Wolf, who has been one of the driving forces behind export control reform, clearly understands this issue and I am sure he will do what he can to end this pointless interagency squabbling over the comparative merits and demerits of Blowfish, Triple DES and AES-256.

Permalink Comments Off

Bookmark and Share



Expressio Unius Est Exclusio Alterius: E Pluribus (License Conditions) Unum

Posted by at 9:33 pm on December 10, 2014
Category: BIS

By Daderot (Own work) [CC0], via Wikimedia Commons Bureau of Industry and Security has announced that, starting on December 8, a new license condition will appear on all validated licenses. That condition reads as follows:

Unless limited by a condition set forth below, the export, reexport or transfer (in-country) authorized by this license is for the item(s), end-use(s), and parties described in the license application and any letters of explanation. The applicant is responsible for informing the other parties identified on the license, such as ultimate consignees and end-users, of the license’s scope and of the specific conditions applicable to them. BIS has granted this license in reliance on representations the applicant made in the license application, letters of explanation, and other documents submitted.

The laudable purpose here is to get rid of the silly license conditions that simply reiterate existing requirements of the Export Administration Regulations, such as Part 744′s prohibition on nuclear end uses. BIS is concerned about possibility that the existence of, say, the no nuclear use condition will give someone the idea that it is okay to allow the exported item to be used in the production of chemical weapons in violation of section 744.4 of the EAR. Expressio unius and all that.

But I wonder, and the BIS announcement does not say, whether the language quoted above will replace the following condition that is included, in one form or another, on all licenses:

No resale, transfer, or reexport of the items listed on this license is authorized without prior authorization by the U.S. Government.

The issue here is an odd lacuna in the EAR. If you look through the General Prohibitions, there is no explicit prohibition against in-country transfers of items exported under license. The prohibitions on certain exports and re-exports do not, by definition, reach in-country transfers. Rather the General Prohibitions only address in-country transfers in connection with denial orders (General Prohibition 4) and illegally exported items (General Prohibition 10). Instead, the way that in-country transfers are prohibited is through General Prohibition 9, which prohibits violation of any license condition, such as the one quoted above, which makes clear that no in-country transfer can occur with U.S. Government approval.

The new license condition is worded in such a way that it seems possible that it will replace the standard condition prohibiting resale, transfer or re-export without government approval. But if it does, BIS will have unintentionally opened the door to unlicensed in-country transfer of items exported under license.

Permalink Comments Off

Bookmark and Share



Some Clouds Do Have Silver Linings (or Not)

Posted by at 9:15 pm on December 4, 2014
Category: BIS

Lonely Cloud by Kate Haskell CC BY 2.0 [] (cropped)In an advisory opinion dated November 13, 2014, the Bureau of Industry and Security (“BIS”) rode once again into the cloud computing breach to confront the tricky metaphysical question of when software that lives in the cloud is exported.  At issue is this: when a foreign user accesses a U.S. server running a software application, say Adobe Photoshop, has the software for the application been exported to the  foreign user? In such a scenario, the foreign user will be using the software in exactly the same fashion as if it had been download and installed on his local hard drive, with the only difference being a slight lag if his Internet connection is poor.

The BIS advisory opinion takes what might be called, in philosophical terms, a positivist approach to this question:

Instead of downloading the software and processing data locally the foreign user of a U.S. server sends its data to the cloud for processing, and causes its processed data to be transmitted back to it. Although there may be export of technology in this context, there is no export of software.

So the silver lining here, for cloud companies, is this literalist view of software exports. Software is exported when a physical disk with the software or an electrical impulse representing the code crosses a border. Just because someone uses the software remotely it has not been exported.

Now for the “Or Not” in the headline. Although BIS’s literalist approach to the download of software has a certain appeal, and is likely to be welcomed by cloud providers, there is something that the advisory opinion does not say. And this is where we can see the utter insanity of having export control scattered over competing agencies each trying to establish their own primacy in the export control domain. The advisory opinion says nothing about the rules of the Office of Foreign Assets Control (“OFAC”) which, in more than a few instances, might be implicated by the cloud scenario described above. Suppose the foreign user is in, say, Iran. Although the U.S. cloud provider might not be exporting software to Iran, at least the way BIS sees it, it certainly will be exporting a service to Iran in violation of OFAC rules.

Faithful readers of this blog will likely recognize this issue, but others reading the BIS opinion might conclude that, because there is no export of the software to Iran, it is completely legal to make the program available to Iranians from a U.S. based cloud. Until all export control is moved under the control of one agency, this kind of nonsensical trap will continue to snare innocent people and businesses for no good reason.

Permalink Comments Off

Bookmark and Share



BIS Updates FAQs on Shale Issue

Posted by at 8:54 pm on November 20, 2014
Category: BISOFACRussia Sanctions

Ocean Star Drilling Rig by Ed Schilpul [CC-BY-SA-2.0 (], via Flickr our prior post on the Russia sanctions and export of equipment to be used in oil production and exploration in shale, we noted that BIS had not yet weighed in on whether its export ban, like OFAC’s restriction, covered only production and exploration of oil in shale and not production and exploration which went through shale to oil reservoirs below. Well, in fact BIS has also recently updated its FAQs and has reached the same conclusion as OFAC. BIS is to be commended for phrasing its FAQ on this issue in a clear and intelligible way, unlike the cryptic version posted by OFAC.

Q11: When the August 6 rule refers to shale and uses the terms exploration or production in shale, do the restricted end uses apply only to situations, such as fracking, where the hydrocarbon is located in shale formations, or do they also apply to projects involving penetrating a layer of shale to reach a reservoir located below the shale formation? What about projects that involve unconventional methods of extracting oil from shale (e.g., from shale reservoirs or oil shale processing)?

A11: The license requirements of §746.5 of the EAR apply to the specified items when you know that the item will be used directly or indirectly in exploration for, or production of, oil or gas in Russian deepwater (greater than 500 feet) or Arctic offshore locations or shale formations in Russia, or are unable to determine whether the item will be used in such projects. Thus, the license requirement applies to exploration for, or production of, oil or gas from a shale formation. The license requirement does not apply to exploration or production through shale to locate or extract crude oil or gas in reservoirs.

You can’t get any clearer than that.

Permalink Comments (5)

Bookmark and Share