Archive for the ‘DDTC’ Category


Jul

19

Why One of the Swapped Prisoners Did Not Return to Iran.


Posted by at 9:55 pm on July 19, 2017
Category: Criminal PenaltiesDDTCITAR

Nima Golestaneh Mug Shot [Fair Use]
ABOVE: Nima Golestaneh

In January 2016 the United States and Iran engaged in a prisoner swap. None of the freed prisoners returned to Iran, instead they all chose to remain in the United States, including Nima Golestaneh, the only Iranian national in the group. (The remainder were dual U.S.-Iranian citizens). Golestaneh, who had been nabbed in, and extradited from, Turkey, had been convicted of a scheme to hack into Arrow Tech in Vermont and send its ITAR-controlled software back to Iran.

Now we have a pretty good idea why he may have been selected for a pardon and why he decided that going back to Iran might not have been such a good idea. Yesterday, two Iranians, Mohammed Ajily and Mohammed Rezakhah were added by OFAC to the Specially Designated Nationals and Blocked Persons List (the “SDN List”) and the Department of Justice announced that an indictment against the two had been unsealed. The indictment reveals that Ajily and Rezakhah were Golestaneh’s co-conspirators in the hacking scheme, and it seems certain that Golestaneh made a deal and dropped the dime on Ajily and Rezakhah.

Both Ajily and Rezakhah are currently in Iran and probably have no current plans to visit Disneyland or anywhere else outside Iran. It’s also safe to assume that Golestaneh would not be welcomed with open arms should he turn up in Iran. In fact, that would be an instance of going from the frying pan (a U.S. jail) into the fire (an Iranian one).

The indictment details Golestaneh’s role in the hacking conspiracy. Apparently his job was to procure servers in Canada and the Netherlands. These enabled Rezakhah to download the Arrow Tech software without using an IP address from Iran, which likely would have been blocked by Arrow Tech. The software would not run without a hardware dongle from Arrow Tech, and Arrow Tech informed foreign customers that they would need an export license to obtain the dongle. That dongle not doubt contained the digital key needed to decrypt the program and allow it to run. It looks like Rezakhah hacked into Arrow Tech’s servers to obtain the digital key needed to decrypt the program.

Of course, it’s not just Rezakhah who has a problem in this scenario. If in fact, if Arrow Tech allowed foreign download of ITAR-controlled encrypted software without a license, that was arguably problematic. DDTC has taken the position that items are exported even if encrypted. And, if there is support for that position by DDTC, it can be found in this case, which demonstrates that there is always some possibility that the encryption will be broken. (It now appears that Arrow Tech distributes the software only by optical media and not by download). One has to wonder if the failure of DDTC to adopt rules like those adopted by BIS which exempt encrypted items from the definition of export is, at least in part, the result of what happened in this case.

One other thing bears noting here, namely, the most amusing irrelevant statement ever put in a criminal indictment. For some reason, the indictment notes that Ajily, Rezakhah’s co-conspirator “received certificates of appreciation for his work from several of the Iranian government and military entities.”   Seriously, he got certificates he could frame and hang on his office wall.  Awesome.  That was a clear violation of the law that forbids receiving certificates of appreciation from Iran.  I have to imagine that this factoid comes from Golestaneh who, when he was singing to the DOJ, said something on the order of  “Ajily got certificates and all I got was this lousy jumpsuit.”

Permalink Comments (1)

Bookmark and Share


Copyright © 2017 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)

Jul

11

Don’t Believe Everything You Read in Blogs


Posted by at 5:54 pm on July 11, 2017
Category: BISDDTC

Road Warrior at LAX by Clif BurnsA lawyer, without any apparent background in export law, recently decided to write a post on export law for “In House,” which bills itself as the “FindLaw Corporate Counsel Blog.” The purpose of the post, it would seem, is to frighten people traveling internationally with their laptops with the suggestion that they may well be greeted on their return trip by an arrest warrant if they don’t have an export license for their laptop. No, really, he actually says that

Traveling abroad? Don’t forget your passport, your laptop, and your export license.

Wh-what export license? Oh, maybe your company attorney didn’t tell you that your laptop requires an export license.

That’s right, the United States requires a license for certain technology and software going abroad.

What the FindLaw post, in order to maximize clickbait value, never reveals is that while technically true that some laptop exports require an export license due to software or technology on that laptop, there are broad license exceptions which mean that, as a practical matter, such licenses are almost never required. That’s what License Exceptions TMP and BAG and the exemption in section 125.4(b)(9) of the ITAR are for. These are, oddly enough, never even mentioned in the FindLaw blog post.

I discussed these provisions permitting laptops to be exported without a license recently in a post about whether a requirement to check laptops in the cabin hold might mean that these provisions would no longer apply. As explained there, section 125.4(b)(9) and license exception BAG permit export of laptops (and any software or technology on them) accompanying passengers and for their personal use as long as the laptop is password protected. License exception TMP requires that the laptop remain in the effective control of the traveler. (The difference between BAG and TMP is that BAG applies to laptops owned by the traveler and TMP applies to company laptops taken on a business trip).

So, no, if you password protect that laptop and keep it with you on your travels, you’re not going to need a license just to take the laptop with you. (If you intend to transfer the laptop or give the technology or software to someone else in the foreign country, these exceptions won’t apply.)

This all goes to show that, with perhaps one exception, don’t believe everything you read on a blog!

Photo Credit: Road Warrior at LAX by Clif Burns. Copyright 2015 Clif Burns

Permalink Comments (1)

Bookmark and Share


Copyright © 2017 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)

Jun

22

The Chewbacca Defense: Export Edition


Posted by at 5:26 pm on June 22, 2017
Category: Arms ExportCriminal PenaltiesDDTC

Human Cannonball by Laura LaRose [CC-BY-SA-2.0 (http://creativecommons.org/licenses/by-sa/2.0)], via Flickr https://flic.kr/p/6shAzP [cropped and processed]The decision in United States v. Burden, decided back in November of 2016, is not breaking news, but as I’ve seen several commentaries on it recently, I thought I might weigh in.  The defendants in that case argued that they had not violated the Arms Export Control Act because — get this — ammunition magazines and grenade launcher mounts, according to the defendants, are not defense articles. The defendants argued that these items are not defense articles because they can also be used with airsoft guns.  Accordingly they claimed the magazine and mount are not defense articles as defined in section 120.4 of the International Traffic in Arms Regulations and no license was required for their export.   This is pretty much like arguing that cannons are not defense articles because you could use them in circuses to shoot people into trampoline nets.

For reasons that are not clear, this led the District Court to actually consider whether these items were defense articles or not as defined in section 120.4.  That section deals with commodity jurisdiction determinations and had no relevance to the case under consideration.  The question properly before the court was whether the grenade mounts and ammunition magazines are on the United States Munitions List (“USML”), not whether they are defense articles.

If the items are on the USML, they are by definition defense articles.   The very first sentence of the USML makes this crystal clear:

U.S. Munitions List. In this part, articles, services, and related technical data are designated as defense articles or defense services pursuant to sections 38 and 47(7) of the Arms Export Control Act.

This means that the only real question the court had to answer was whether the grenade mount and ammunition magazine were described in Category I(h) of the USML which covers “[c]omponents, parts, accessories and attachments” of firearms described in Category I, subparts (a) through (h). It doesn’t matter that these items can be used on airsoft or paintball guns any more than it matters that a cannon can be used in a circus act or a performance of the 1812 Overture. Certainly the magazine meets the definition of a component and the mount meets the definition of an attachment and that, pretty much, should have been the end of it.

Even so, the court decided that the items were defense articles not because they were on the USML but because an expert witness from DDTC said that they were defense articles. The expert in question was Robert Warren, formerly Division Chief of the Plans, Personnel, Programs, and Procedures Division of DDTC, an odd choice in comparison to, say, the division chief for the division that handles licensing for firearms.  In any event, the court noted that Warren testified that “a defense article as we termed it is anything that has a military significance or military application.”  And that, according to the court, settled the question as to whether the mount and the magazine were defense articles.

Of course, the idea that something is a defense article if it has a military application is the equally stupid mirror argument to the defendants’ nonsensical claim that something is not a defense article if it has a non-military use.  Under the standard articulated by Warren, a water canteen purchased at a camping store or a pair of camo pants purchased from a clothing store would be defense articles.

As noted above, there was no need for anyone to dive down this rabbit hole and figure whether the mount and the magazine were defense articles.  If they were described by Category I(h) as attachments and components of firearms then they were defense articles.  End of story.  No further proof as to whether they were defense articles was necessary.   And, given that the defendants did not appear to dispute that these items were components and attachments of firearms but only that they were defense articles, it is not unfair to accuse them of raising the fabled Chewbacca defense.

Photo Credit: Human Cannonball by Laura LaRose [CC-BY-SA-2.0 (http://creativecommons.org/licenses/by-sa/2.0)], via Flickr https://flic.kr/p/6shAzP [cropped and processed]. Copyright 2009 Laura LaRose

Permalink Comments (1)

Bookmark and Share


Copyright © 2017 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)

Jun

20

Shedding Light on Gun Exports on the Dark Web


Posted by at 9:57 pm on June 20, 2017
Category: Arms ExportCriminal PenaltiesDDTC

Cobray M-11 Pistol via https://www.gunsamerica.com/UserImages/199/917418641/wm_md_10452136.jpg [Fair Use]
ABOVE: Cobray M-11 Pistol

Two geniuses in Georgia hit on what they must have imagined was the perfect crime: sell guns to foreigners anonymously on the dark web; get paid anonymously in Bitcoins; make a billion dollars; spend the rest of their lives watching extreme wrestling and tractor pulls on cable TV. Except, of course, what really happened means that their cable TV viewing options over the next few years are likely to be extremely limited.

Even if, as the dog in the famous cartoon tells the other dog, “on the Internet nobody knows you’re a dog” (or a gun smuggler), you can’t stay on the Internet forever. Not surprisingly, even though the two defendants tried to cloak themselves behind the dark web and supposedly anonymous cryptocurrency, they still had to leave their computers, buy the guns, take them to the post office and ship them to real people. And that, as they say, was all she wrote.

According to the indictment, the two defendants, Gerren Johnson and William Jackson, who used the pseudonyms CherryFlavor and CherryFlavor_2, first captured the attention of authorities when a 9mm pistol was “recovered” in the Netherlands from a buyer who said he bought the gun from dark web vendor named CherryFlavor. Shortly thereafter Australian customs recovered another pistol hidden in a karaoke machine (see, nothing ever good comes from karaoke), and the Australian buyer also identified his seller as CherryFlavor.

And here’s how the feds figured out who was hiding behind the CherryFlavor screen name: according to the indictment, Johnson bought an unusual gun, a Cobray Model M-11 Georgia Commemorative 9mm pistol from a dealer in Georgia. Two days later he posted the gun for sale on his dark web site. Now the feds had the link they needed: a non-virtual gun dealer making a real sale in the real world to a real person of a real gun that then shows up on CherryFlavor’s page. Game over.

The interesting thing is what Messrs. CherryFlavor are charged with in the indictment. The first count is operating an unregistered firearms business. The second and third counts are for exports of two guns in violation of the anti-smuggling statute, 18 U.S.C. 554, which forbids exports from the United States “contrary to any law or regulation of the United States.” Oddly, the law said to be violated was not the Arms Export Control Act but 18 U.S.C. § 922(e) which prohibits shipping a firearm without disclosing to the shipper that a firearm is being shipped.

So why aren’t the defendants charged with what appears to be a clear violation of the Arms Export Control Act? We know that prosecutors have argued, not very persuasively, that the knowledge requirement for violations of section 554 is just an intentional export without any requirement that the defendant knows the intentional export is in violation of law. But here, if the allegations of the indictment are true, the case that the defendants knew what they were doing is, as they say, a slam dunk. They sold guns to foreign customers using pseudonyms on the dark web in exchange for Bitcoins and sent the guns hidden in karaoke machines. Criminal intent does not get much clearer than that. My guess is that there is more going on here than Dumb and Dumber selling guns on the dark web. Charges like this suggest that the prosecutors have negotiated with the defendants in exchange for some broader cooperation. If that’s true, it will be interesting to see what happens next.

UPDATE:  Commenter “Name” makes a good point: because the case is in the 11th Circuit, the prosecution has to deal with a stricter intent requirement and has to show that the defendants knew that an export license was required.  See United States v. Macko, 994 F.2d 1526 (11th Cir. 1993).  The defendants’ concealment of the gun in a karaoke machine shows a knowledge of illegality but, perhaps, not necessarily a knowledge of a license requirement under the AECA.  It was for this reason, the commenter said, that the charge was under 18 U.S.C. § 554, which might not be subject to the stricter intent requirement.  Commenter “Name” used a VPN to conceal his/her identity and location, so I suspect this is a person who has some actual knowledge of why the government charged this case the way it did.

Permalink Comments (1)

Bookmark and Share


Copyright © 2017 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)

Apr

11

Un Pour Deux, Deux Pour Un! (An ECR Swashbuckler)


Posted by at 11:26 pm on April 11, 2017
Category: DDTCExport Reform

Brian J. Nilsson via https://www.state.gov/r/pa/ei/biog/bureau/250013.htm [Public Domain]
ABOVE: Brian J. Nilsson

Many readers were likely wondering what impact the Trump Administration’s new one-for-two executive order would have on export control reform. As you probably know, that is the order that says for every new rule adopted by a federal agency two other rules must be thrown out — sort of like a closet cleaning rule: for every new shirt I buy, two old ones need to be donated or thrown out.

Well, never fear. At the last DTAG meeting, Deputy Assistant Secretary of State for Defense Trade Controls Brian H. Nilsson said that this new rule would somehow not apply to DDTC rules and that the agency was moving ahead on export control reform unencumbered by the order, or at least that’s being reported by those who attended the meeting. As much as I would like to believe this, particularly inasmuch as Categories I, II and III of the United States Munitions List have still not gone through the export control reform process, I am filing Deputy Assistant Secretary’s statement under “wishful thinking”(if not under “alternative facts”). The Executive Order itself lists no exemptions whatsoever. Now that doesn’t mean that some time in the future someone might realize how silly such a rule is and put another Executive Order with some exemptions to the one-for-two order in front of the President for him to sign.

But until that happens, DDTC can’t amend any part of the USML without slashing two rules for each one added. Oh, and by the way, is anyone else wondering how the counting of rules is done here? If section 121.1 is amended to provide a new version of, say, Category I, II and III, what exactly has to be sacrificed on the altar of the executive order? After all only subsection 121.1(b)(2) of the rule set forth 121.1 would be altered. Does DDTC have to ditch two entire rules, like, say, sections 129.3 and 130.1 (my nominees  for jettisoning) or can it get away with ditching two subsections, such as  128.7(a)(3) and 123.22(c)(1), both of which no one would ever miss?

UPDATE:  As pointed out by commenter TJ below, the Executive Order does indeed exempt “regulations issued with respect to a military, national security, or foreign affairs function of the United States.”  So ECR is safe for the moment, although my query as to how rules are counted for purposes of the one-for-two rule remains valid in other contexts.

 

Permalink Comments (1)

Bookmark and Share


Copyright © 2017 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)