OFAC this week issued a general license redefining the term “Palestinian Authority” as that term is used in three sets of U.S. sanctions regulations relating to terrorism. The change was only to add a phrase to account for Prime Minister Salam Fayyad’s resignation. You may be asking yourself how we got to the point where OFAC issues licenses to redefine a regulatory term because of the resignation of a foreign political leader. The answer is, not surprisingly, not so simple.

The Palestinian Authority (PA) is not, and never has been, on the SDN List. But back in 2006, OFAC announced, by virtue of the Hamas victory in the PA legislative elections, it determined that Hamas “has a property interest in the transactions of” the PA and, therefore, “U.S. persons are prohibited from engaging in transactions with” the PA. The strained logic that an entity has a property interest in the transactions of a government because individuals affiliated with the entity won a plurality of a legislative election vote was implemented into the terrorism regulations as interpretive provisions, which still exist. This was a harbinger for things to come.

In 2007, as a result of Prime Minister Fayyad’s appointment, OFAC issued a general license authorizing U.S. persons to engage in all transactions with the PA that were otherwise prohibited by defining the PA to be the government of President Abbas and Prime Minister Fayyad. OFAC could have, instead, at that point explained the situation and removed the interpretive provisions from the terrorism regulations. It did not, and we commented here on the oddity of this situation over five years ago. The new general license this week perpetuates the situation further. Now the regulations include the interpretive provisions, the 2007 general license and the new general license clarifying the other general license.

It should not be this complicated. If OFAC’s goal is to hedge its bets that the PA may at any time fall back under control of Hamas, which the Gaza Strip effectively has been since 2007, there are more direct ways to make the PA subject to sanctions that are easier for U.S. persons to follow and understand. The most obvious candidate, if the United States believed there was a Hamas-related terrorism threat with the PA, would be adding the PA to the SDN List or some form of direct sanctions. If not direct, then an interpretive provision is second-best, but one that provides a more realistic justification than the current “property interest” logic. Of course, a new interpretive provision would put the onus on OFAC to explain further notions of ownership and control that have thus far not received enough attention.

Until then, we will wait for the next general license when the new prime minister is determined.

Frequent readers of this blog will no doubt be aware that OFAC has issued a series of general licenses permitting provision in sanctioned countries of services incident to personal communications over the Internet. However, General License No. 5 for Syria explicitly excludes from the General License “domain name registration services.”

Of course, shutting down the sites now does not negate the violation that occurred in providing these web hosting services to Syria in the first place. And a large part of the problem here is that domain services are normally provided without any human involvement. A registrant fills out a web form, hands over a credit card number to pay for the annual fee, and a computer program takes care of the rest. Add to that, as the famous New Yorker cartoon caption suggests, “on the Internet, nobody knows you’re a dog.” It is simply not clear how Network Solutions could screen out every registration from an embargoed country. Instead, it seems the best an Internet registrar can do is shut down the domain names once it learns of the problem.

The big questions, then,  are this: does Network Solutions have a voluntary disclosure pending at OFAC on this and what will OFAC’s response be?

This is where the head-scratching should begin.  A lot has happened in the past year or so that one would think warrants an updated (and apt) notice.  In late 2011, Secretary of State Clinton made the first State visit to Burma since 1955.  Last May, the President nominated the first U.S. ambassador to the country in over two decades.  Just this past November, the President became the first sitting president to visit Burma.  Most important to U.S. businesses was OFAC’s significant relaxation last year of countrywide sanctions prohibiting the export of financial services to Burma, new investments in Burma and imports from Burma.

All of these events are major developments in U.S.-Burmese relations.  So why would the White House use a boilerplate notice when it could have taken the opportunity to depict an accurate picture of what U.S. foreign policy currently is?  The notice is, of course, a legal requirement and the Burmese government has not shed all doubt over its commitment to democracy and human rights.  But describing the situation as an “unusual and extraordinary threat” to the United States without any further context?  In light of all this Administration has accomplished with Burma, it seems odd and misleading to use an off-the-shelf response in this instance.

One consequence of this on the U.S. business community will likely be time and resources many spend confirming that the sanctions that have been lifted against Burma have now not been repealed.  Such a sanity check would be reasonable given the notice and especially for those who have begun exploring business with Burma.

The Administration should have a complete and consistent script of what U.S. foreign policy is with respect to Burma so it, and the rest of us, can all be on the same page.

Not surprisingly, DDTC takes the position that these plans are technical data relating to an article in Category I of the USML and that putting the plans on the Internet is an export of that technical data. Of course, whether these plans are technical data may not be entirely clear given the public domain exception to the definition of technical data. Detailed gun schematics are available in numerous widely available publications and all over the Internet. A Google search, for example, quickly brings up these schematics.

But leaving aside whether or not these plans are controlled technical data that cannot be put on the Internet without a DDTC license, this whole brouhaha seems to be a waste of time by DDTC. Real guns that won’t blow up in your hand, can fire multiple shots before falling apart, and which can be much more cheaply manufactured are readily available outside the United States, so the danger posed by exporting these plans is, well, non-existent. Foreign militaries aren’t very likely to abandon their AK47s now that they can print their own plastic handguns. Worse yet, the plans had apparently been downloaded more than a 100,000 times before the Feds dropped the ban hammer. There is no way that DDTC can now stuff all that toothpaste back in the tube.

Finally, the DDTC letter seems to concede some uncertainty about whether the plans are technical data. Instead of simply demanding the removal of the plans and threatening enforcement action, the letter requests that Defense Distributed file a commodity jurisdiction request to “resolve” the “proper jurisdiction” of the technical data “officially.” So, stay tuned, this affair is far from over.

(The picture of the plastic gun parts from the Defense Distributed site that illustrates this post has been pixelated for your protection.)

The reason that these activities are alleged to be illegal is that the lights and the pump were imported from a company that had been designated by the Office of Foreign Assets Control (“OFAC”) as a Specially Designated National (“SDN”). Any transaction with an SDN, whether an import or an export, is prohibited.

As background, the indicted man, Gary Tsai is the son of Alex Tsai, a resident of Taiwan.  The father Alex Tsai was designated along with companies he controlled by OFAC on January 16, 2009, after he had been convicted in a Taiwanese court for sales of machinery to North Korea. Although the complaint details a number of exports by Gary Tsai to Alex Tsai and his designated companies prior to their designation by OFAC, these are not, and obviously cannot be, alleged to be illegal. Instead, I suppose, all the pre-designation transactions are provided for a bit of color. Who says prosecutors don’t like to have fun?

Most interesting, however, is that the imports in question are not just charged, as one would predict, as violations of the International Emergency Economic Powers Act, 50 U.S.C. § 1701 et seq., but also under 18 U.S.C. § 371 as a conspiracy to defraud the United States by obstructing enforcement of laws relating to the proliferation of weapons of mass destruction. That section is more widely known for its prohibition on conspiracies to commit any offense against the United States, but it also prohibits conspiracies “to defraud the United States.”

The statute in question was originally enacted in 1867 and appended to “An Act to amend existing Laws relating to Internal Revenue and for other Purposes.” Originally conceived as a revenue protection measure, the “defraud” prong of 18 U.S.C. § 371 has typically been employed in tax evasion cases.

In Haas v. Henkel, 216 U.S. 462 (1910), the Supreme Court expanded the scope of the provision and held

it is not essential that such a conspiracy shall contemplate a financial loss or that one shall result. The statute is broad enough in its terms to include any conspiracy for the purpose of impairing, obstructing, or defeating the lawful function of any department of government.

Of course, that formulation alone is overly broad and would criminalize any concerted action that somehow or other made the federal government’s activities more difficult. As the Ninth Circuit said in United States v. Caldwell, 989 F.2d 1056 (9th Cir. 1993), such a reading would make it illegal to agree not sell land to the government and force it to use eminent domain instead. In that regard, the Supreme Court in Hammerschmidt v. United States, 265 U.S. 182 (1924) said that the obstruction must occur through “deceit, craft or trickery.”

It is not at all clear from the criminal complaint what “deceit, craft or trickery” was used by Gary Tsai in importing the items in question from his SDN father. The best I can tell is that the government somehow thinks that because Gary Tsai and his father used Gmail accounts that did not contain their real names, this was some kind of trickery. It is hard to believe that any court will find some duty to use real names only for email addresses.

Picture this scenario: a U.S. defense contractor leases time on a Chinese satellite and uses the transponders of that satellite to beam ITAR-controlled technical data between and among its facilities in the United States. The Directorate of Defense Trade Controls (“DDTC”) which licenses exports of ITAR-controlled technical data by U.S. exporters and which has imposed an absolute ban on transferring such data to China would, pardon the metaphor, go ballistic. The defense contractor would be investigated, fined millions of dollars, forced to conduct public self-shaming sessions (i.e. compulsory self audits) and either debarred or threatened with debarment. The zombie apocalypse would seem a Sunday afternoon outing in the park compared to the terror that the agency would rain down on the guilty exporter.

Now, suppose that the U.S. defense contractor in this story is not a private contractor but instead . . . (are you sitting down?) . . . is the Pentagon. What has DDTC to say about this catastrophic breach of national security? Let’s listen: (Crickets chirping . . . crickets chirping . . .) Speak up, over there, Foggy Bottom. I can’t hear you. What? Nothing? Not a peep?

And, no, this is not merely a hypothetical. It is a fact.

Doug Loverro, deputy assistant secretary of defense for space policy, testified at an April 25 hearing of the House Armed Services strategic forces subcommittee that when he assumed his duties a month ago, he learned of DOD leases with a Chinese satellite service provider that were issued early last year following a joint urgent operational needs statement in support of “warfighter needs.”

“The warfighter needed [satellite communication] support in his area of operations. He went to the Defense Information Systems Agency to request that support,” Loverro said.

Loverro said DISA responded to the request by reaching out to its pool of providers. Only one of those providers, a company based in China, had the bandwidth available to meet the communications needs. …

“From that perspective, I’m very pleased with what we did,” Loverro said. …

According to Wired, the satellite in question is the Apstar-7, launched in China and operated by APT Satellite Holdings Ltd., which is owned by the PRC.

The point of raising this is not just to show the double standard the government exercises with respect to defense-related information but also to find some support for a potential problem that has been bedeviling exporters and (to a lesser extent) the export licensing agencies themselves — namely, the issue of the interaction between export law, controlled technology, the “cloud” and the use of the Internet and email for information transfer. Everyone pretty much agrees that if controlled technical data so much as traverses a foreign internet server for a nanosecond — even if the information originated in the United States and is being sent to another user in the United States  – there has been an unlicensed export of that data. And yet, no one who puts information in the cloud, or sends it by email, or otherwise transfers the data using the Internet can be certain of the path the information will take and that it won’t pay an infinitesimally brief visit to a server outside the United States. Does this mean that everyone with controlled data has foresworn the Internet, keeps all controlled data on paper locked in file cabinets and uses the good offices of the United States Snail Mail service to send it about? Of course not.

Instead, it appears that those who have thought about the vagaries of Internet routing and cloud storage have adopted, at least as a best practice and perhaps as a mitigating factor, the use of encryption on controlled technical data being sent by email or stored in the cloud even where this is intended to be a solely domestic transaction. Of course, there is nothing in the ITAR or the EAR that endorses this and, technically speaking, the export of encrypted technical data is still the export of technical data.

Now in that light, consider this nugget from Lovero’s testimony:

Based on his review of the leases, Loverro said, the agency followed all of the current procedures and operational commanders were aware of the safety and business concerns connected with such an agreement. Those commanders, he said, are equipped with the necessary encryption to protect the information being relayed.

File that testimony away, folks, because you may need it. In short, the DoD is endorsing the notion that encryption effectively prevents the transfer of controlled technical data to the Chinese even when it passes through their hands. I’m certainly not guaranteeing that this is a “Get Out Of Jail Free” card, but it might some day be all you have.

The Dubai subsidiary of Munich-based Computerlinks recently agreed to pay $2.8 million dollars to the Bureau of Industry and Security (“BIS”) to settle charges that the Dubai subsidiary exported sophisticated Internet surveillance software to Syria without the required licenses. BIS had previously placed one individual and one company in the U.A.E. on the entity list in connection with the unlicensed export of these Internet devices to Syria

The charging documents are unusually detailed and reveal what appears to have been a systematic effort by the Dubai subsidiary to lie to Blue Coat, the manufacturer of the devices, about the ultimate destination of the equipment. One of the exports at issue was described as follows:

On or about October 29,2010, Computerlinks FZCO placed an order with Blue Coat for eight devices used to monitor and control web traffic along with accompanying equipment and software. Computerlinks FZCO falsely stated that the items were intended for the Iraq Ministry of Telecom, concealing the fact that the items actually were destined for Syria. Upon receiving the order, Blue Coat reexported the items from its facility in the Netherlands to Computerlinks FZCO in the U.A.E. On or about December 15, 2010, Computerlinks FZCO directed the items’ transfer within the U.A.E. for their subsequent shipment to Syria for use by the state-run Syrian Telecommunications Establishment (STE).

This is one of the highest fines BIS has ever imposed, ranking, by my count, only behind the $15 million imposed on Balli Aviation and related companies in 2010. This is due, in part, to the fact that this violation was not voluntarily disclosed. In fact, judging from the gleeful and somewhat self-serving press release from Blue Coat commending BIS for whacking Computerlinks, it is reasonable to assume that Blue Coat discovered the diversion and dropped the dime on Computerlinks.

No doubt Blue Coat discovered the diversion because the devices that Syria used to snoop on its citizens were probably also snooping on Syria at the same time. And you have to be more than a little surprised that the people at the Dubai subsidiary of Computerlinks were too stupid to realize that this would happen.

OFAC last week issued its first general license for U.S. sanctions relating to Zimbabwe. The license authorizes for the most part “all transactions involving Agricultural Development Bank of Zimbabwe and Infrastructure Development Bank of Zimbabwe.” Both banks, however, are on OFAC’s SDN List.

Since the two banks have been and remain on the SDN List, the license does not unblock the banks’ property interests that had been blocked as of the date of the license. OFAC issued a similar general license in February of this year authorizing dealings with four banks in Burma but kept the banks on the SDN List and continue to block the banks’ property interests blocked prior to the license. A major development from these licenses is, of course, giving U.S. exporters local banking options that were previously unavailable and without them likely stymied business development in those countries.

Exporters should also take note, however, of how OFAC’s easing of sanctions through these licenses has an onerous side-effect on U.S. companies. If a company’s policy is to determine whether to deal with entities or individuals based on their presence on the SDN List or other relevant sanctioned party lists, the authorization granted to deal with listed banks through these general licenses would go unnoticed. Exporters now must check all the lists they routinely do as well as stay on top of licenses issued by OFAC to know whether someone has, from most exporters’ perspectives, been in effect delisted.

If these SDN-lite designations continue, exporters will either need to monitor closely OFAC’s daily activity or make sure their screening software is doing so for them, at least if they want to be sure they are not unnecessarily limiting their export opportunities.

Back in January 2012, this blog first reported on the strange case of Mojtabi Atarodi, a professor at Tehran’s prestigious Sharif University of Technology who was arrested in December 2011 the moment he landed in Los Angeles on the way to a medical appointment with his brother’s cardiologist. Several months later Atarodi was released on bail with a requirement that he wear a tracking device and remain under house arrest at his brother’s home in the United States.

The charges against Atarodi were (and still are) unclear, but Sharif University shortly after the arrest released a statement that Atarodi was accused of trying to buy basic laboratory equipment. The United States government has never released a statement on the case, which has remained sealed and still does not appear on PACER more than a year after Atarodi’s arrest. PressTV, an Iranian media outlet, reported in January 2013 that Atarodi had been sentenced to 56 months in jail, although I was unable to find any other news story confirming this report.

Just as mysteriously as he was arrested and, perhaps, sentenced, Professor Atarodi has now been released and has returned to Iran. The professor traveled to Tehran by way of Oman, which reportedly was engaged in negotiations to release Atarodi. The government of Oman stated that he had been released for “humanitarian reasons.” The United States government has issued no statement on Atarodi’s release.

The PressTV report on Atarodi’s arrival in Tehran quoted Atarodi as saying:

The US authorities knew about my academic background. Even the prosecutor general told me I should have never been arrested, jailed or tried in the first place. He said he was embarrassed to put me on trial, but he had no choice. He said he did it after receiving orders from Washington.

Even though I have reservations about whether the prosecutor said he was “embarrassed” to put Atarodi on trial, the complete silence by the U.S. government on this case, and the fact that the case still remains sealed, certainly invites speculation that the case against Atarodi may have been, shall we say, less than stellar.

I’m not so sure what those “legal barriers” are that would mandate shutting down the store entirely. To begin with, Samsung, which is  headquartered in South Korea, is not a U.S. person and isn’t subject to U.S. sanctions on Iran. One can be quite sure that no U.S. persons are involved in Samsung’s dealings in Iran, particularly since Samsung appears to want to continue to sell its phones and other electronic devices in Iran.

Even more perplexing, of course, is trying to reconcile the company’s stance with the general license issued by OFAC in 2010 authorizing the export to Iran of certain services and software incident to the exchange of personal communications over the Internet. The guidance issued by OFAC on that general license makes crystal clear that “free mobile apps related to personal communications” fall within the license. The guidance also announces “a favorable licensing policy” for license applications to permit export of paid mobile apps relating to personal communications to Iran.

Perhaps the real culprits here are the Angry Birds, the Bad Piggies, and the Fruit Ninjas. It is probably safe to say that these popular mobile device games, whether free, freemium or paid, do not relate to personal communications over the Internet and aren’t covered by either the general license or the favorable licensing policy. Rather than sanitizing the store by eliminating those pesky games, Samsung just decided to chuck the whole thing. And, of course, there may also be practical reasons why it was hard to keep the fingerprints of U.S. persons employed by Samsung off the app store.

Needless to say,  it is highly doubtful that whether the Samsung app store is open or closed will have any impact at all on Iran’s nuclear proliferation activities.