Archive for the ‘China’ Category



ZTE Gets Last Minute Reprieve (Sort Of)

Posted by at 10:33 pm on June 28, 2016
Category: BISChinaEntity ListIran Sanctions

ZTE Stand 6 via [Fair Use]The Bureau of Industry and Security today announced that it was extending the Temporary General License which permitted exports to ZTE from June 30 all the way to August 30. ZTE, as this blog reported here, was placed on the Entity List because of elaborate shenanigans by the company by which it bought U.S. goods and resold them to Iran.

Two weeks after bringing the ban hammer down on ZTE, BIS issued a temporary general license which covered March 24 to June 30, more than three months. The new temporary license expires on August 30, one day short of two months from June 30. Why this temporary license is shorter than the previous one was not disclosed but one can only suspect that ZTE may not be minding its manners in the way that BIS would like to see.

The problem for U.S. exporters is that such a short license, with the real possibility, given its shortened length, that it may not be renewed beyond August 30, opens up the possibility that the exporter will sell items to ZTE that it may not later be able to service even though the warranty on those items is still in force. If the temporary general license is not renewed and ZTE stays on the list, the ability of the U.S. exporter to send replacement parts to ZTE or, alternatively, to repair the item in the United States and return it to ZTE will be in question. It would not surprise me if the temporary general license does not get much use.

Permalink Comments Off on ZTE Gets Last Minute Reprieve (Sort Of)

Bookmark and Share

Copyright © 2016 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)



Package Forwarder Coughs Up $60K For Export Violations

Posted by at 10:18 pm on June 21, 2016
Category: BISChina

Fulfill Your Packages HQ via Google Maps [Fair Use]
ABOVE: Fulfill Your Packages HQ

The Bureau of Industry and Security (“BIS”) issued settlement documents last week indicating that a California company called Fulfill Your Packages agreed to pay a $250,000 fine, of which $190,000 was suspended if the company behaves itself for the next two years and commits no further export violations. At least from the facts recited by BIS, it’s a very odd case.

Fulfill Your Packages is apparently a company that agrees to serve as a local address for Chinese companies. Those companies order products from U.S. companies which Fulfill Your Packages dutiful re-packages and ships to China. Frankly, a better name for the company might be Ginormous Export Red Flag, Inc., but I suppose Fulfill Your Packages sounds better.

The violation arose from an unnamed Chinese company ordering an export controlled FLIR thermal imaging camera from an unnamed U.S. company which then shipped the camera to Fulfill Your Packages’ address in Portland, Oregon. The Google Street View of that address reveals a large warehouse. Google itself further reveals that the address is used by several logistics companies and, oddly, a liquor store.

When Fulfill Your Packages received the package, it dutifully repackaged the FLIR system and arranged for the USPS to pick up the package. For reasons that aren’t clear, Fulfill Your Packages described the item on shipping documents as “metal parts” even though its own order system described the item as an “infrared webcam/surveillance installation kit.” It also stated the value as $255 even though the distributor’s invoice for the camera received with the package listed the value at $2,617. It’s not clear at all why the company, for the small fee it was receiving, would falsify the export documents. It didn’t really have a dog in the race. Of course, it could be simple incompetence. Or perhaps it was some conspiracy with the Chinese purchaser for a large sum. There’s no way to tell.

But what about the distributor that shipped a FLIR system to a warehouse in Oregon for a Chinese customer? Don’t they bear some responsibility here? They didn’t ignore red flags, they ignored red banners the size of a skyscraper. Or maybe not. The BIS documents suggest that BIS thwarted the shipment before the USPS arrived to pick up the package. What likely happened here is that the distributor did do its job, did consult the all-knowing wizard of Google while evaluating the order, smelled a rat and called BIS.

The lesson here is that the Internet is your friend and that orders for export controlled items should not be fulfilled without doing the research that is now, literally, at your fingertips.

Permalink Comments (2)

Bookmark and Share

Copyright © 2016 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)



Woman Indicted for Failure to File Electronic Export Information Forms

Posted by at 11:19 am on April 25, 2016
Category: BISChinaCriminal Penalties

Harbin Engineering University via [Fair Use]
ABOVE: Harbin Engineering

Amin Yu bought things for Harbin Engineering University (“HEU”) in China — all EAR99 items, none of which required an export license. She listed an incorrect value for the items on documents that she gave to UPS, FedEx and various freight forwarders. As a result, none of them filed Export Electronic Information forms for the shipments. The federal government has now indicted Yu, accusing her of being a Chinese spy and indicting her for failure to file the required EEIs. This is the first and only indictment of anyone for failing to file EEIs for EAR99 items. It’s rather like accusing someone who put the wrong postage on a letter with being a terrorist.

The first count of the indictment (in case newspaper crime reporters get bored and don’t read the whole thing) is for failure to register as a foreign agent under the Foreign Agents Registration Act (“FARA”). This is catnip for reporters who quiver with excitement each and every time they can give their editors a story with the word “spy” in it. Even the once venerable Newsweek fell for this ploy, referring to Yu in its headline as a “Chinese Spy.”

These FARA counts are also, as we’ve seen before, a sure sign that the government has a lousy case that it can only win with a generous dollop of press-induced hysteria about the defendant.

The problem with these bogus FARA “spy” counts is that it is not illegal to buy stuff for foreign governments (or foreign government-run universities as was the case here.) A significant exclusion is set forth in section 3(d) of the act for certain “non-political” activities, including “engaging … in private and nonpolitical activities in furtherance of the bona fide trade or commerce of such foreign principal.” In other words, acting as a commercial agent for foreign governments, foreign companies and foreign individuals by buying stuff for them does not make the person engaged in that activity a foreign agent required to register under the act. (The requirement that the trade be bona fide is to prevent the foreign principal from trying to spread influence in the United States by having its agents buy items that it doesn’t need.) And when you read the indictment that is all that Yu did: she bought things for HEU.

As to the EEI-related counts, things are not much better with the government’s case. It appears that in some instances the EEIs weren’t filed because the amounts declared for the exported goods were too low. Whether this was anything other than an attempt to reduce Chinese import duties when the items arrived in China is unclear. In some instances, it is not clear at all why the forwarders and shipping companies did not file EEIs because the declared values where above the EEI exemption limit of $2500. The indictment also focuses on an instance where the shipping documents did not use Yu’s full name and another where the address of HEU was missing.

What appears to have gotten the DOJ all worked up here is that the items involved could be used for unmanned submersible vehicles. But so far the federal government has put no controls on these items, which at the moment are mostly being used for oceanography, deep-sea exploration, underwater oil prospecting, and meteorology. If the government doesn’t want the Chinese developing underwater submersibles with U.S. origin goods, it knows how to do it and, for some reason, hasn’t.

Photo Credit: Harbin Engineering University via [Fair Use]

Permalink Comments (1)

Bookmark and Share

Copyright © 2016 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)



Beijing’s Review of U.S. Software Risks Export Woes for Those Who Allow It

Posted by at 10:43 pm on October 19, 2015
Category: BISChinaEncryption

140515-D-VO565-003 by Chief of Joint Chiefs of Staff via Flickr [Public Domain - Work of U.S. Government]

An article that appeared last Friday in the Wall Street Journal suggests that at least one U.S. company is providing the Chinese government with access to proprietary U.S. source code as a condition for access to the Chinese market. What could possibly go wrong with that??

Just as a burglar, who normally suspects everyone else of having his own larcenous motives, puts extra bars on his own doors and windows, the Chinese seem to be worried that U.S. software might have backdoors that allow the U.S. to hack into Chinese systems. Imagine that.

IBM has begun allowing officials from China’s Ministry of Industry and Information Technology to examine proprietary source code—the secret sauce behind its software—in a controlled space without the ability to remove it from the room, the people said. It wasn’t clear which products IBM was allowing reviews of or how much time ministry officials can spend looking at the code. The people said the practice was new and implemented recently.

The Wall Street Journal suggests that this access, which is designed to quell Chinese fears that the U.S. will do unto China what China has done unto the U.S., is largely symbolic because the Chinese are not being given sufficient time to comb through thousands of line of code looking for back doors.

The problem here, however, is that most software programs these days, particularly ones that might have “back door” entry concerns, will have encryption; and the EAR poses special restrictions on exporting certain types of encryption source code to certain government end-users. Encryption source code that is classified as ECCN 5D002 (i.e., is not mass market) and is not publicly available is classified under section 740.17(b)(2)(i)(B) of license exception ENC. Under paragraphs (1) and (2) of the Note to 740.17(b)(2), such encryption source code can, after a classification request, be immediately exported under license exception ENC to any end-user (including a government end-user) in a Supplement 3 country and to non-government end-users in countries, such as China, which are not a Supplement 3 country. However, exports of 5D002 encryption source code that is not publicly available, i.e., that is not available by download or otherwise to members of the public, can only be exported to a government end-user outside Supplement 3, such as the Chinese government, with a license from the Bureau of Industry and Security.  (A very good chart explaining the baroque complexities of  license exception ENC  can be found here.)

Now, here’s the catch. Most encryption algorithms are publicly available, but the code used by specific software to implement that algorithm is not. Indeed, if that code were publicly available, the Chinese wouldn’t need to review it, and the reviewing company would not insist that the code be examined in a “controlled space.” Indeed, you have to imagine that it is precisely the non-public code implementing the public algorithm which would be of most interest to Chinese reviewers concerned about U.S. software having back doors for Uncle Sam to come snooping.

Let me be clear: I’m not saying that IBM has broken any laws here. We don’t know whether the software being examined is 5D002 software or, if it is, that IBM hasn’t applied for and received a license. Rather my point is this: companies that consider giving source code access to the Chinese should only move ahead with a great deal of caution if the software utilizes encryption.

Permalink Comments Off on Beijing’s Review of U.S. Software Risks Export Woes for Those Who Allow It

Bookmark and Share

Copyright © 2015 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)



White House Fires First Salvo at Chinese Government Hacking Activities

Posted by at 12:47 pm on April 2, 2015
Category: ChinaCyber WeaponsEconomic SanctionsOFAC

By Poa Mosyuen (Own work) [CC-BY-SA-3.0 (], via Wikimedia Commons the Office of Foreign Assets Control published an executive order and accompanying FAQs under which the White House establishes the circumstances under which it will add certain persons and entities engaged in hacking computers and networks in the United States to the Specially Designated Nationals and Blocked Persons list. U.S. persons would be prohibited from engaging in any transactions with any of the designated cyberviolaters and all property of the cyberviolaters that comes into the United States or under the control of U.S. persons would required to be blocked.

Unlike most executive orders of this type, no parties have been designated yet under its authority; it is purely prospective in nature. This suggests that the order is, for the moment, mostly a diplomatic salvo and that its likely target is China. The numerous cyber attacks on the United States by China, including the recent Anthem breach, have been well documented and just as vociferously denied (in a clear methinks the lady doth protest too much” fashion) by the Chinese government.

Whether this will be effective in deterring China remains to be seen. One response by China to any future designation might be to double down and engage in cyber retaliation. Given the asymmetric nature of cyber warfare between the U.S. and China, due to the fact that the U.S. is more connected and more vulnerable than China, such retaliation cannot be discounted.

An additional point should be made on these new sanctions. I have seen some popular tech media and bloggers suggest that the sanctions might be applied to domestic hackers, even relatively benign ones doing things similar to what got Aaron Schwartz in trouble. It is important to remember, however, that the International Emergency Economic Powers Act, under which the executive order was issued, restricts the scope of the order to blocking “any property in which any foreign country or a national thereof has any interest,” thereby preventing purely domestic application of these sanctions. A domestic hacker would have to be working on behalf of a foreign country or foreign national to be designated under the new cyber sanctions.

Permalink Comments Off on White House Fires First Salvo at Chinese Government Hacking Activities

Bookmark and Share

Copyright © 2015 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)