Archive for the ‘China’ Category



Beijing’s Review of U.S. Software Risks Export Woes for Those Who Allow It

Posted by at 10:43 pm on October 19, 2015
Category: BISChinaEncryption

140515-D-VO565-003 by Chief of Joint Chiefs of Staff via Flickr [Public Domain - Work of U.S. Government]

An article that appeared last Friday in the Wall Street Journal suggests that at least one U.S. company is providing the Chinese government with access to proprietary U.S. source code as a condition for access to the Chinese market. What could possibly go wrong with that??

Just as a burglar, who normally suspects everyone else of having his own larcenous motives, puts extra bars on his own doors and windows, the Chinese seem to be worried that U.S. software might have backdoors that allow the U.S. to hack into Chinese systems. Imagine that.

IBM has begun allowing officials from China’s Ministry of Industry and Information Technology to examine proprietary source code—the secret sauce behind its software—in a controlled space without the ability to remove it from the room, the people said. It wasn’t clear which products IBM was allowing reviews of or how much time ministry officials can spend looking at the code. The people said the practice was new and implemented recently.

The Wall Street Journal suggests that this access, which is designed to quell Chinese fears that the U.S. will do unto China what China has done unto the U.S., is largely symbolic because the Chinese are not being given sufficient time to comb through thousands of line of code looking for back doors.

The problem here, however, is that most software programs these days, particularly ones that might have “back door” entry concerns, will have encryption; and the EAR poses special restrictions on exporting certain types of encryption source code to certain government end-users. Encryption source code that is classified as ECCN 5D002 (i.e., is not mass market) and is not publicly available is classified under section 740.17(b)(2)(i)(B) of license exception ENC. Under paragraphs (1) and (2) of the Note to 740.17(b)(2), such encryption source code can, after a classification request, be immediately exported under license exception ENC to any end-user (including a government end-user) in a Supplement 3 country and to non-government end-users in countries, such as China, which are not a Supplement 3 country. However, exports of 5D002 encryption source code that is not publicly available, i.e., that is not available by download or otherwise to members of the public, can only be exported to a government end-user outside Supplement 3, such as the Chinese government, with a license from the Bureau of Industry and Security.  (A very good chart explaining the baroque complexities of  license exception ENC  can be found here.)

Now, here’s the catch. Most encryption algorithms are publicly available, but the code used by specific software to implement that algorithm is not. Indeed, if that code were publicly available, the Chinese wouldn’t need to review it, and the reviewing company would not insist that the code be examined in a “controlled space.” Indeed, you have to imagine that it is precisely the non-public code implementing the public algorithm which would be of most interest to Chinese reviewers concerned about U.S. software having back doors for Uncle Sam to come snooping.

Let me be clear: I’m not saying that IBM has broken any laws here. We don’t know whether the software being examined is 5D002 software or, if it is, that IBM hasn’t applied for and received a license. Rather my point is this: companies that consider giving source code access to the Chinese should only move ahead with a great deal of caution if the software utilizes encryption.

Permalink Comments Off on Beijing’s Review of U.S. Software Risks Export Woes for Those Who Allow It

Bookmark and Share



White House Fires First Salvo at Chinese Government Hacking Activities

Posted by at 12:47 pm on April 2, 2015
Category: ChinaCyber WeaponsEconomic SanctionsOFAC

By Poa Mosyuen (Own work) [CC-BY-SA-3.0 (], via Wikimedia Commons the Office of Foreign Assets Control published an executive order and accompanying FAQs under which the White House establishes the circumstances under which it will add certain persons and entities engaged in hacking computers and networks in the United States to the Specially Designated Nationals and Blocked Persons list. U.S. persons would be prohibited from engaging in any transactions with any of the designated cyberviolaters and all property of the cyberviolaters that comes into the United States or under the control of U.S. persons would required to be blocked.

Unlike most executive orders of this type, no parties have been designated yet under its authority; it is purely prospective in nature. This suggests that the order is, for the moment, mostly a diplomatic salvo and that its likely target is China. The numerous cyber attacks on the United States by China, including the recent Anthem breach, have been well documented and just as vociferously denied (in a clear methinks the lady doth protest too much” fashion) by the Chinese government.

Whether this will be effective in deterring China remains to be seen. One response by China to any future designation might be to double down and engage in cyber retaliation. Given the asymmetric nature of cyber warfare between the U.S. and China, due to the fact that the U.S. is more connected and more vulnerable than China, such retaliation cannot be discounted.

An additional point should be made on these new sanctions. I have seen some popular tech media and bloggers suggest that the sanctions might be applied to domestic hackers, even relatively benign ones doing things similar to what got Aaron Schwartz in trouble. It is important to remember, however, that the International Emergency Economic Powers Act, under which the executive order was issued, restricts the scope of the order to blocking “any property in which any foreign country or a national thereof has any interest,” thereby preventing purely domestic application of these sanctions. A domestic hacker would have to be working on behalf of a foreign country or foreign national to be designated under the new cyber sanctions.

Permalink Comments Off on White House Fires First Salvo at Chinese Government Hacking Activities

Bookmark and Share



Export Car to China: Go Directly to Jail

Posted by at 12:41 am on March 19, 2015
Category: ChinaCriminal Penalties

Porsche Panamera via [Fair Use]

Everybody knows that you can go to jail for exporting a tank to China. But did you know that you can go to jail for exporting a luxury car, classified as EAR99, to China?

Well, it appears that you can. According to an article in the Milwaukee Journal-Sentinel, Mao Peng, a resident of Kenosha, Wisconsin, and his wife were arrested in Los Angeles for exporting luxury vehicles to China and sent back to Wisconsin for trial. Only the terminated criminal proceedings in Los Angeles are in PACER at the moment. The transferred case in Wisconsin has not shown up yet in PACER, so details of the charges are somewhat hard to discern.

But it appears from a number of news sources, like this article in the New York Times, that federal prosecutors have been targeting individuals who purchase luxury vehicles in the United States and then export them to China for resale. Apparently, there is a substantial price differential between the price of luxury vehicles in the U.S. and China creating an attractive arbitrage opportunity for ambitious entrepreneurs. And the auto manufacturers have some how enlisted the DOJ to help them preserve their high margins in China.

At the behest of luxury car manufacturers, the U.S. Government has been seizing cars and bank accounts, but at least one federal judge has called foul. The opinion in that case gives some clue as to the prosecutors’ theories in the luxury car export cases. In that case, the Secret Service seized bank accounts alleged to contain funds derived from an auto broker’s export business. Because luxury auto dealers are prohibited by their manufacturers from selling cars for export, dealers require purchasers to sign, in the purchase documentation, a representation that the cars are for their own use and not for export. The export brokers pay straw purchasers to buy the vehicles for them. The government’s theory is that the brokers are conspiring with the straw purchasers to commit wire fraud in connection with the personal use representations by the straw purchasers. The district court held, relying on the “convergence” requirement, that the misrepresentation was at most a contractual violation rather than a criminal matter because the auto dealers to whom the misrepresentation were made were not injured by the misrepresentation; only the manufacturers were.

Peng’s case, which appears to be the first criminal prosecution for exporting cars to China, may be somewhat different because it appears that his straw purchasers were Native Americans and that sales taxes were therefore not paid on vehicles delivered to reservations on which they lived.   It also appears that the government is alleging that Peng was continuing to use the names of the straw purchasers for more purchases than they had agreed to and that this was some kind of identity theft.   But, according to the Journal-Sentinel article, it also appears that the government’s case is  primarily based on the non-export representations made by the straw purchasers to the auto dealers.

Permalink Comments (3)

Bookmark and Share



Slow Boat From China: Keep Cuba in Arms Evermore

Posted by at 5:23 pm on March 9, 2015
Category: Arms ExportChinaCuba Sanctions

Da Dan Xia Weapons Cache by Colombia Prosecutor's Office [Fair Use]Colombia recently detained the Chinese vessel Da Dan Xia after it entered the port of Cartagena to unload part of its cargo. Based on an anonymous tip, Colombian officials searched the boat and found a boatload, so to speak, of weapons: 100 tons of gunpowder, just under three million detonators, 99 projectiles and approximately 3,000 cannon shells. All destined for Cuba. The ship’s documentation listed none of these goodies correctly, instead calling them spare parts and chemicals, and so the captain of the ship was hauled off the boat and arrested.

The Cubans aren’t saying anything and the Chinese are saying stupid things.

China’s foreign ministry said on Wednesday that the ship had been involved in “normal trade co-operation”. Hua Chunying said the ship was carrying ordinary military supplies to Cuba and was not in violation of any international obligations.

Of course, this does not explain why the items were not accurately described. But I can tell you the likely reason for that: Colombia is a signatory to the Inter-American Convention Against the Illicit Manufacturing and Trafficking in Firearms, Ammunition, Explosives and Other Related Material. That means that a transit permit would have been required for the ship to enter a Colombian port loaded up with this cargo. And, guess what? China did not want to bother getting a transit permit, largely, I suppose, because it did not want the United States, or anyone else, to know that it was selling this stuff to Cuba.

Permalink Comments Off on Slow Boat From China: Keep Cuba in Arms Evermore

Bookmark and Share



It’s A Small World After All, Even For Economic Sanctions

Posted by and at 8:02 pm on June 16, 2014
Category: ChinaEconomic SanctionsEURussia SanctionsSanctionsSudan

It's A Small World by Darren Wittko CC BY 2.0 [] (cropped)G-7 countries recent meeting in Brussels understandably grabbed global headlines for their unified message that they “stand ready to intensify targeted sanctions and to implement significant additional restrictive measures to impose further costs on Russia should events so require.”

While sanctions imposed by G-7 countries, as well as the EU, drive the engine of global sanctions enforcement, there are almost 200 other countries in the world and many of them want to have their position on sanctions known.  Last week, for example, Serbian President Tomislav Nikolić surprised no one on Earth (or anywhere else for that matter) when he told Serbian media, “It’s impossible to imagine Serbia imposing sanctions on Russia.”  Of course, Nikolić’s pronouncement is hardly going to cause the E.U. to rethink, even for a fraction of a nanosecond, its position on Russian sanctions.  On the other hand, the E.U. sanctions may cause Serbia, given that Russia is one of it’s largest trading partners, to rethink the wisdom of its application to become a member of the E.U.

Besting Serbia’s population by over a billion, China is emerging as a critical Russian ally and the most important country that is not imposing sanctions against it.  As with Serbia, economic self-interest and the volume of China’s trade with Russia may be at the heart of this.  In fact, reports on the recent $400 billion, 30-year deal for Gazprom to supply natural gas to China suggest the deal would be based on a ruble-yuan exchange and bypass Western financial systems altogether.

With developed countries like China and Serbia using economic self-interest to justify trading with Russia despite its shenanigans in Ukraine, some developing countries may be acting against their own economic self-interest in imposing sanctions to deal with regional conflicts.  Reuters reported this week, for example, that members of the Intergovernmental Agency for Development, an East African trade group made up of Djibouti, Eritrea, Ethiopia, Kenya, Somalia, South Sudan, Sudan and Uganda, have threatened sanctions against South Sudan if warring factions do not cooperate to end conflict in that country.  The United States imposed sanctions in early May against military leaders involved in the conflict, but they likely will provide no meaningful impact.  However, when everyday trade with your neighboring countries starts to become restricted, sanctions are far more likely to achieve the goal of ending conflict.  If East African sanctions succeed against South Sudan while E.U and U.S. sanctions have no impact on Ukraine,  then we will certainly have a situation where it’s the mice that roar while the elephants squeak.

Sanctions news runs on the front page when it involves the United States and Europe but also on the back pages as it involves the rest of the world.  You have to read the whole paper to make sure you have the full story.

Permalink Comments Off on It’s A Small World After All, Even For Economic Sanctions

Bookmark and Share