Archive for the ‘Technical Data Export’ Category



Might As Well Be Hung for a Sheep as a Lamb

Posted by at 9:58 pm on March 3, 2015
Category: Criminal PenaltiesDDTCTechnical Data Export

Mozaffar Khazaee [Credit: Essex County Mug Shot Catalog]
ABOVE: Mozaffar Khazaee

On February 25, Mozaffar Khazaee, a former employee of various defense contractors, pleaded guilty to illegal export of ITAR-controlled technical data to Iran. The case started with an audacious shipment from Connecticut to a freight forwarder in Long Beach, California, by Khazaee of 44 boxes labelled as household goods that, in fact, contained numerous manuals and other technical documents relating to the F35 Joint Strike Fighter and military jet engines. The boxes were intended for ultimate shipment to Iran. Further investigation revealed that these documents had been taken by Khazaee from defense contractors for which he worked and that taking these documents violated the contractors’ rules requiring return of all documents at the end of employment. Khazaee was initially arrested for charges, set forth in the criminal complaint, of illegally transporting stolen property across state lines.

Khazaee’s ultimate plea was for violation of the Arms Export Control Act. The superseding information that served as the basis for the plea, however, alleged the export of only one document (out of the 44 boxes of documents) which was asserted to contain controlled technical data designated under Category XIX(g) of the United States Munitions List.

Two things stand out about this case. First, the superseding information charged, and Khazaee pleaded guilty to, export of the document and not attempted export of the document. The problem is the document was seized in Long Beach and never left the country. Section 120.17 of the ITAR defines export as “taking a defense article out of the United States.” No matter what your feelings may be about Long Beach, California, it is definitively still in the United States last time I checked. There is some evidence that the boxes may have been loaded onto the Panamanian-flagged NYK Libra. But given the definition of United States in section 120.13, it is hard to argue that the document left the United States until the NYK Libra did.

The second thing of interest were statements made by Khazaee, and cited in the superseding information, to potential employers in Iran that his job advancement in the United States had been hindered by his Iranian nationality even though he was an American citizen.

Even though working industry being very exciting, with best pay salary and high-tech events, my original nationality being Iranian (which I am very proud of), has caused me tremendous issue and hindrances towards my progress and goals. I can’t make any publication in current job (everything is very proprietary and restricted, mostly military projects), I was rejected to participate in the new advance engine program (this is beyond F135 engine, it’s called AETD), purely based on my original nationality. This is the primary … reason for my consideration to move to Iran.

Obviously one wrong does not justify another. However, discrimination against a U.S. citizen based on his national origin,if this is what occurred here, is a violation of federal law. And given the unhealthy obsession of the DoD and DDTC on national origin, at least with respect to dual and third-country nationals, it seems at least possible that this may have occurred. It may well be that the best way to encourage loyalty among American citizens is to treat them all equally without respect to where they were born.

Permalink Comments Off

Bookmark and Share



Get Smart: Chinese Spy Edition

Posted by at 4:51 pm on September 24, 2014
Category: Arms ExportCriminal PenaltiesDDTCTechnical Data Export

By General Artists Corporation-GAC-management. [Public domain], via Wikimedia Commons Charlie and Alice, two self-professed PRC spies who branched out from smuggling crystal meth into the United States to attempting to export airplanes and military technology from the United States to the PRC. Things did not turn out so well for Charlie and Alice who probably should have stuck with drug trafficking. So, find a comfortable chair, grab a bag of popcorn, and prepare to be entertained by the story that unfolds in the Criminal Complaint filed against them and to which they just pleaded guilty.

It was a dark and stormy evening in Manila when a counterfeit cigarette smuggler introduced two undercover agents working for the United States to Hui Sheng Shen, a/k/a “Charlie,” and Huan Ling Chang, a/k/a “Alice.” According to Mr. Counterfeit Cigarette Guy, Alice and Charlie could help the UCs obtain methamphetamine.

Alice and Charlie, explaining to the UCs that email was insecure, set up a drop email account, gave the UCs the credentials for the account, and said that they should communicate via messages left in the draft folder. (This method is not particularly effective in hiding communications from the government when you’re dealing with undercover agents but, whatever, it’s the trendy spycraft du jour.) Using this method, a deal for a kilo of meth was consummated and shipped to the UCs in tea bags hidden in computer towers. (Of course, no customs inspector would ever be suspicious of tea bags in computer towers so this is yet another example of top notch spycraft by Charlie and Alice.)

Emboldened by their world-class narcotics deal, Charlie and Alice decided to move on to bigger things and just kinda casually dropped into a subsequent conversation with the UCs that they would, oh, by the way, like to buy a military aircraft. Because, naturally, guys who buy drugs normally have a warehouse of military aircraft that they can sell to the people they buy drugs from.  And Charlie and Alice wanted not just any airplane but a honking huge E-2 Hawkeye reconnaisance aircraft. “Sure, Charlie, I’ll leave one for you at the front desk of your hotel after you wire me $100 million dollars.”

Of course, knowing the sensitivity of such an operation, Charlie and Alice wanted to refer to the Hawkeye in code as the “Big Toy.” That way, they could always claim, if caught, that they were really talking about a 12-ton toy Tonka truck. At this point, one of the UCs hits comedy gold when he says to Charlie and Alice:

“Do you guys realize what this thing is?.. . This thing is like a um 757 plane — it’s on aircraft carriers. Those things don’t just disappear.”

Undeterred, Charlie and Alice still kept negotiating to buy the “big toy,” stating that their buyer, which they described as the “Chinese C.I.A.,” could afford it. The UCs, however, managed to steer them to something more manageable, something that could fit in a backpack, namely, a Raven RQ 11B UAV. Charlie and Alice explained that they could smuggle the UAV out of the United States by having scuba divers or remote-controlled submersible vehicles carry the items to an off-shore Chinese ship. They also planned to get the manuals out by taking pictures of the manuals, deleting the pictures from the memory cards and then having their friends in China recover the deleted images.

There were, of course, two problems with the deleted image trick. First, everyone (even Customs) knows about it and can easily detect and recover deleted images on digital camera memory cards. Second, Charlie and Alice were arrested while taking the pictures.

For those who want to try at home the recovering deleted images trick, here’s a quick guide on how to do that.


Permalink Comments (2)

Bookmark and Share



Bird Flu Research Flies Into Export Laws, Crashes, Then Burns

Posted by at 10:43 pm on April 11, 2012
Category: BISGeneralTechnical Data ExportWassenaar

Bird FluApparently international research on how best to prevent, contain and treat bird flu is now threatened by international laws restricting export of information relating to potential agents of biological warfare according to this report on NPR. The problem concerns research conducted by researchers in the United States and the Netherlands which resulted in a controversial paper concerning alterations in the virus that would make it more contagious. There was some concern that this information might be useful to terrorists and rogue states interested in biological warfare agents.

To address this concern, the decision was initially made to restrict publication of the study and related materials and to make them available only to designated researchers and government officials with “a need to know.” What apparently no one realized was that this would prevent the research from falling within the fundamental research exception and would, therefore, prevent cross-border discussions or transfer of the information without specific governmental authorization.

Once this was realized, the decision was made to eliminate the “need to know” restrictions and simply to publish the materials so that the research could be considered fundamental research and could be shared freely with researchers in other countries. But the government of the Netherlands is arguing that the publication of the research could not undo the effect of the earlier decision to restrict dissemination and that therefore the research could not be exported from the Netherlands without approval of that government.

This situation illustrates the difficulty in applying the fundamental research in practice. To begin with, there is no easy way to determine what is or is not fundamental research. Export lawyers and export professional at universities have tried to strengthen the case that research is eligible for the fundamental research exception by pointing to whether research was published or, even if not published, was permitted or required to be published under applicable grant contracts or university rules.

The conundrum here is whether sensitive material can be transformed into fundamental research simply by publication. If one group of researchers decides to release the information, does this act of a few individuals instantly transform the information into fundamental research? But if publication isn’t the standard for deciding what is fundamental research, what other standards are available and who should be able to apply those standards? What these questions without answers demonstrate more than anything else is the slippery slope that we head down when we try to apply export controls to information. Rather we should rely on classification rules and procedures to control dissemination of truly sensitive information.

Permalink Comments (3)

Bookmark and Share



Are You Now, or Have You Ever Been, a Spy?

Posted by at 5:00 pm on August 9, 2011
Category: DDTCDeemed ExportsTechnical Data Export

QuestionnaireWith the August 15 implementation date for the new dual and third country national rule fast approaching, I wanted to comment briefly on the Sample Questionnaire that the Directorate of Defense Trade Controls (“DDTC”) has proposed as an example of something foreign companies should use to review whether a dual or third-country national has “substantive contacts” with other countries. Under the new rule, foreign companies covered by a technical assistance agreement (“TAA”) can share technical data with full-time employees who are also nationals of countries other than the company receiving the data under the TAA. One of the conditions, however, for using that rule is that the foreign licensee must examine the “substantive contacts” of that third-country or dual national with other countries to determine whether there is a risk of diversion of the technical data outside the home country of the foreign licensee.

The sample questionnaire proposed by DDTC represents the agency’s suggestion as to one way that such screening should take place. Some of the questions are poorly drafted, and many of the others are just plain silly and can be roughly paraphrased as simply asking the person involved whether or not he or she is a foreign spy — as if they would answer that question truthfully if they were.

In the poor drafting category, we have this question:

Do you have business contacts, business partners, business contracts, brokers, or any other relationship with a business in another country or other countries subject to U.S. or U.N. embargo?

Because the question as to whether there are contacts with “another country” would necessarily include countries subject to embargo, the final clause is unnecessary and potentially confusing.

Also in the poorly drafted category, we have this incredibly broad inquiry:

Have you ever served in or provided information to the government of another country (e.g., military, foreign ministry, intelligence agency or law enforcement)?

Anybody who has ever traveled to a foreign country would have to answer this affirmatively because of the requirement to provide information to customs and immigration officials upon entry in to the country. And, of course, a third country national will have provided tons of information to his home country government in terms of tax returns, driver’s license applications, and the like. And what about state-owned enterprises? Does information provided to them constitute information provided to the government?

Then we have the “are you a spy” questions:

Do you have contacts with any other individuals or groups involved in acquiring controlled defense articles, including technical data, illegally or otherwise circumventing export control laws? Please explain the nature of that contact.

Do you have contacts with agents from another country or another country’s government?

Do you have contacts with agents from another country or another country’s government?

It is a little known historical fact that Mata Hari, when asked questions of these sorts, broke down into tears, confessed to the French government that she was a spy and asked to be immediately taken to the firing squad for execution.

The questionnaire also has the dual or third country national attest that he or she has given the company complete and accurate “social networking addresses.” Apparently whoever wrote this had heard that all the kids these days do these Twitter and Facebook thingies but didn’t really understand how any of them worked. There really isn’t any such thing as a “social network address,” unless the DDTC expects that something like be provided as a response to this question. Presumably the idea here would be that the employee has allowed the company to follow or “friend” the employee on Facebook, Twitter, Google Plus or the like. This would mean, I guess, that the foreign licensee will then inspect all the tweets or postings of the employee to make sure that he or she hasn’t said in one or more of them that they are passing controlled technical data to foreign government agents. It is probably easier just to not use the exemption.

Permalink Comments (2)

Bookmark and Share



Cloudy, With A Chance of Heavy Fines

Posted by at 5:45 pm on July 26, 2011
Category: Deemed ExportsExport ReformTechnical Data Export

Cloud ComputingThe Brookings Institution just issued a brief report entitled “Addressing Export Control in the Age of Cloud Computing.” The report raises more issues than it answers, which is not surprising given the brevity of the report and the uncertain state of the application of export rules and regulations to cloud computing.

One thing the report gets quite right is its observations that the questions of the application of export law to cloud computing are issues that pre-date the current cloud computing phenomenon and were raised initially by the trans-national characteristics of the Internet itself. Consider this example provided by the report:

Person A, a U.S. citizen located in the United States, sends an e-mail containing EAR-restricted information in the body of the message to Person B, a U.S. citizen who normally works at a location in the United States. Unbeknownst to Person A, Person B is on a short trip overseas. Person B logs onto his e-mail while overseas using a public computer in the lobby of his hotel, sees that he has an e-mail message from Person A, but since he does not have any reason to believe in advance that it will contain EAR-restricted information, proceeds to click on the message and read it.

Assuming this is an export violation, and under a literal reading of the Export Administration Regulations (“EAR”) it would be, who has broken the rules? The party sending the email without knowing it was going to leave the country or the party opening the email not knowing it contained export controlled data? The report piles on another question and another wrinkle: suppose the email provider moved the email on to a foreign server after noticing that Person B was accessing the email from abroad. Is the email provider guilty of an export violation? These same issues that are posed by a simple email are also posed when companies begin storing data on the cloud without full control or knowledge of where the cloud servers may be located.

Of course, the literal interpretation of export rules might well forbid the use of email, cloud services or the Internet in general with respect to export-controlled data. Is it time to shut off the computers, address a bunch of envelopes, and crank up the dusty postage meter in the back of your office?

The report suggests that regulators might avoid charges of Luddism and the enshrinement of nineteenth-century concepts of exports by looking at data encryption. Under current rules, data is exported if it crosses borders whether it does so as clear or encrypted text. Perhaps securely encrypted text can find a safe harbor from traditional concepts of export. And although the regulations do not currently take this approach, I have advised people emailing export-controlled data to do so always in encrypted form to guard against things similar to the scenario posed above. If the controlled data, through the miracle of the Internet, winds up on a foreign server, at least the contents of that data aren’t available in any practicable sense to any foreign persons with access to that server. If not a defense to the export violation, it is at least going to be a mitigating factor in any penalty action.

Permalink Comments Off

Bookmark and Share