Jul

6

A Boycott Is A Boycott Is A Boycott


Posted by at 6:06 pm on July 6, 2017
Category: Anti-BoycottBIS

Port of Fujairah by Port of Fujairah via http://fujairahport.ae/?page_id=355 [Fair Use]
ABOVE:Port of Fujairah

As you probably know, various Arab countries, including Saudi Arabia, the U.A.E. and Egypt have imposed a boycott on Qatar, allegedly because of remarks that appeared on the Qatar News Agency’s website where Qatar emir Sheikh Tamim bin Hamad Al Thani called Iran an “Islamic power” and, even worse, said Qatar has “good” relations with Israel. Qatar claims that the Sheikh never said this and that the QNA website was hacked. U.S. intelligence officials have said that this was likely the work of Vladimir Putin and his band of merry hackers, who were hoping to create a rift among the United States and its Arab allies — something the hack may well have accomplished.

What you may not know is that the Port of Fujairah, in the United Arab Emirates, has just banned from the port all maritime traffic coming from or headed to Qatar. Now, how many of you immediately thought of the Bureau of Industry and Security’s Anti-Boycott rules when you (just) heard this? “Pshaw,” you say, “those rules only apply to the Arab League Boycott of Israel.” But in fact the Anti-Boycott Rules never even mention that boycott. By their terms, they apply to any “unsanctioned foreign boycott.” Even though the rules go into excruciating details on all matter of things,  the term “unsanctioned foreign boycott” on which the whole byzantine edifice is constructed, is, oddly, never defined.  Even so, you can be pretty sure that the boycott against U.S. ally Qatar is one of those “unsanctioned foreign boycotts.”

That being said, consider the following scenario. A customer in Fujairah, UAE, wants to buy from you $2 million worth of fidget spinners. The purchase order contains the following clause:

The shipping terms for the purchased goods are DDP Port of Fujairah (INCOTERMS 2010). The good may not be shipped on a Qatari-flagged vessel or on a vessel that visited, or is destined to visit, Qatar.

Can you accept the order?

The Anti-Boycott rules do provide some limited exceptions to permit compliance with shipping instructions of boycotting countries. Section 760.3(b)(1)(i) permits a U.S. person to comply with a prohibition of shipping the goods on a Qatari-flagged vessel. In addition, section 760.3(b)(2)(i) permits a U.S. person to agree not to ship the goods through Qatar. However, the exceptions only apply to requirements for “shipping goods to the boycotting country.” Any restrictions on where the ship calls after that shipment is complete and the goods are delivered to Fujairah would be a violation of the rules.

So there’s something else for you to worry about. You’re welcome.

Permalink Comments (2)

Bookmark and Share


Copyright © 2017 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)



Jun

30

Jury Award for $60 Million Entered Against Transunion over SDN List Reports


Posted by at 4:49 pm on June 30, 2017
Category: OFACSDN List

https://www.instagram.com/p/BKeO97kg4MG/On June 20, a federal jury awarded a $60 million damage verdict against mammoth credit reporting agency Transunion arising from the company’s misuse of the Office of Foreign Assets Control’s List of Specially Designated Nationals and Blocked Persons (the “SDN List”) on credit reports. The plaintiffs in that case where individuals who were not on the SDN List but whom Transunion identified as such, resulting in adverse credit decisions for these individuals.

The class action lawsuit was based on a number of related violations of the federal Fair Credit Reporting Act and a similar California statute. Among the violations at issue were the provisions of section 1681(e) which requires credit bureaus to “follow reasonable procedures to assure maximum possible accuracy of the information concerning the individual about whom the report relates.” The Third Circuit in Cortez v. Trans Union, 617 F.3d 688 (3d Cir. 2010), previously rejected Transunion’s efforts in that case to make the implausible argument that the SDN List information it supplied with respect to credit applicants was not part of their credit report.

In the current case, the complaint details the experience of one of the representative plaintiffs with Transunion’s OFAC reporting. That plaintiff, named Sergio L. Ramirez, had a car loan denied because his name was similar to two entries on the SDN List, namely, Sergio Humberto Ramirez Aguirre and Sergio Alberto Cedulo Ramirez Rivera. Not only were the names different, but also the birthdate for Plaintiff Ramirez, which Transunion had in its file on the plaintiff, was different from the birthdates listed in the entries for the two aforementioned SDNs.

OFAC has issued guidance about the use of the SDN List by credit bureaus:

The text on the report should explain that the individual’s information is similar to the information of an individual on OFAC’s SDN list. It should not state that the information matches or that the credit applicant is in fact the individual on the SDN list unless the credit bureau has already verified that the person is indeed the SDN.

Even assuming that Transunion followed this guidance, which is not clear, it seems hard to justify transmitting the information to the car dealership when Transunion had information that clearly indicated the credit applicant was not either of the SDNs. It seems to me that credit bureaus can easily protect themselves from outcomes like the $60 million verdict by transmitting SDN information with a disclaimer but doing so only in cases where the credit bureau does not itself have information, such as birthdates, places of birth, etc., sufficient to resolve the potential hit.

Permalink Comments Off on Jury Award for $60 Million Entered Against Transunion over SDN List Reports

Bookmark and Share


Copyright © 2017 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)



Jun

28

OFAC Fines AIG for Drafting Error in Global Insurance Policies


Posted by at 10:40 am on June 28, 2017
Category: Cuba SanctionsEconomic SanctionsIran SanctionsSudan

IG Employees via http://www.aig.com/about-us [Fair Use]On Monday, the Office of Foreign Assets Control (“OFAC”) announced that insurance giant AIG had agreed to pay $148,698 to settle charges that it had insured 555 shipments involving Sudan, Iran and Cuba. Although some of the apparent violations involved single shipment policies to the sanctioned destinations or paying claims under global policies on shipments to those destinations, others involved simply accepting premiums under global insurance policies that were later used to cover shipments on which no claims were made to sanctioned destinations.

In November of last year, OFAC provided guidance on how global insurance policies should deal with U.S. economic sanctions

The best and most reliable approach for insuring global risks without violating U.S. sanctions law is to insert in global insurance policies an explicit exclusion for risks that would violate U.S. sanctions law. For example, the following standard exclusion clause is often used in open marine cargo policies to avoid OFAC compliance problems: “whenever coverage provided by this policy would be in violation of any U.S. economic or trade sanctions, such coverage shall be null and void.” The legal effect of this exclusion is to prevent the extension of a prohibited service (insurance or risk assumption) to sanctioned countries, entities or individuals. It essentially shifts the risk of loss for the underlying transaction back to the insured – the person more likely to have direct control over the economic activity giving rise to the contact with a sanctioned country, entity or individual. [11-16-07]

This is a sensible and reasonable policy with respect to global insurance policies. So, you must be assuming, AIG must have left the language cited above out of its global policies and that led to the fines. But you would be wrong. OFAC said this about the AIG global policies:

While a majority of the policies were issued with exclusionary clauses, most were too narrow in their scope and application to be effective.

And how were they “too narrow in their scope and application”? OFAC is not saying. Apparently, OFAC thinks it will be easier to fine other insurance companies later if it keeps secret the drafting errors in the global policies that made the exclusionary clauses in the AIG global policies “too narrow in their scope and application.” And what about those clauses other than most clauses that were too narrow?  Why was AIG being fined for shipments under policies where the exclusionary clauses were acceptable?

Worse yet, after staying mum on what was wrong with “most” of AIG’s exclusionary clauses beyond being “too narrow,” OFAC has the nerve to say this in its announcement:

This enforcement action highlights the important role that properly executed exclusionary clauses play in the global insurance industry’s efforts to comply with U.S. economic sanctions programs.

If “properly executed exclusionary clauses” are so gosh-darned important, then why on earth does OFAC refuse to give the insurance industry a single clue as to what exactly are  “properly executed exclusionary clauses” and what was wrong with “most” of the clauses in the AIG global policies? Did they leave out the word “void” from the recommended language? Did they just say “U.S. economic sanctions” instead of “U.S.economic or trade sanctions”?  How hard would it have been for the agency to say precisely and specifically what was wrong with AIG’s exclusionary clauses?  This just underscores the perception that OFAC is more interested in terrifying than regulating U.S. businesses.

Permalink Comments Off on OFAC Fines AIG for Drafting Error in Global Insurance Policies

Bookmark and Share


Copyright © 2017 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)



Jun

26

Vladimir Wants To See Your Source Code


Posted by at 4:08 pm on June 26, 2017
Category: BISEncryption

Vladimir Putin by Kremlin.ru [CC BY 3.0 (http://creativecommons.org/licenses/by/3.0)] via https://commons.wikimedia.org/wiki/File%3AVladimir_Putin_12019.jpg [cropped]According to this Reuters report, the Russians are demanding from U.S. companies the right to view source code of software that these companies wish to sell in Russia. The software at issue includes software with encryption capabilities, anti-virus software and firewalls. You don’t have to be a rocket (or computer) scientist to figure out why Vladimir and his spy master buddies want to look at such software. They are looking for vulnerabilities that would allow the Russians to continue to hack into U.S. networks and infrastructure. Surprisingly, Reuters suggests that some big names in U.S. software are actually complying.

That’s surprising because, as many readers probably know, handing over the source code of programs with encryption functionality to the Russian government requires a license from the Bureau of Industry and Security (“BIS”). Normally, I would expect BIS, at least for the moment, to grant such a license when hell freezes over or, as Vladimir himself might say, когда рак на горе свистнет (“when crawfish whistle in the mountains.”)

Here’s why a license is necessary. First, keep in mind that BIS controls the export of software with encryption functionality. This includes software that does not contain any encryption algorithms but calls those algorithms from an external source to perform the actual encryption. Although the language of the EAR is far from making it clear, BIS makes it quite clear here on its website:

Almost all items controlled under Category 5, Part 2 of the EAR are controlled because they include encryption functionality. Items may be controlled as encryption items even if the encryption is actually performed by the operating system, an external library, a third-party product or a cryptographic processor. If an item uses encryption functionality, whether or not the code that performs the encryption is included with the item, then BIS evaluates the item based on the encryption functionality it uses.

Most programs, in fact, call encryption from the operating system. Some browsers, such as Firefox, incorporate their own encryption, and programs may utilize browser encryption when sending and retrieving date from the Internet. In any event, the vast majority of software has some encryption functionality either by using the operating system or native encryption in certain browsers.

Second, source code does not fall under EAR section 740.17(b)(1) and is not eligible for self-classification and export under License Exception ENC. Rather source code that is not publicly available falls under 740.17(b)(2)(i)(B). Items that fall within (b)(2), such as source code, can be exported thirty days after the filing of a classification report to “non-‘government end users’ located or headquartered in a country not listed in supplement no. 3.” See Section 740.17(b)(2)(i). As a result, license exception ENC does not authorize exports to government end-users outside Supplement 3 countries. As Russia is not a Supplement 3 country, a license is required to provide source code with encryption functionality to the government of Russia.

I have no way of knowing whether the U.S. companies that have let Vlad peek at their source code bothered with, or even knew of the requirement for, licenses.   And although not so long ago, BIS would probably have said “nyet” to any such license request, it is altogether possible that BIS is now saying “da” instead.   In any event, companies should think long and hard before spilling their source code for software with encryption functionality to the Russkis without getting a license from BIS first.

 

Permalink Comments Off on Vladimir Wants To See Your Source Code

Bookmark and Share


Copyright © 2017 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)



Jun

22

The Chewbacca Defense: Export Edition


Posted by at 5:26 pm on June 22, 2017
Category: Arms ExportCriminal PenaltiesDDTC

Human Cannonball by Laura LaRose [CC-BY-SA-2.0 (http://creativecommons.org/licenses/by-sa/2.0)], via Flickr https://flic.kr/p/6shAzP [cropped and processed]The decision in United States v. Burden, decided back in November of 2016, is not breaking news, but as I’ve seen several commentaries on it recently, I thought I might weigh in.  The defendants in that case argued that they had not violated the Arms Export Control Act because — get this — ammunition magazines and grenade launcher mounts, according to the defendants, are not defense articles. The defendants argued that these items are not defense articles because they can also be used with airsoft guns.  Accordingly they claimed the magazine and mount are not defense articles as defined in section 120.4 of the International Traffic in Arms Regulations and no license was required for their export.   This is pretty much like arguing that cannons are not defense articles because you could use them in circuses to shoot people into trampoline nets.

For reasons that are not clear, this led the District Court to actually consider whether these items were defense articles or not as defined in section 120.4.  That section deals with commodity jurisdiction determinations and had no relevance to the case under consideration.  The question properly before the court was whether the grenade mounts and ammunition magazines are on the United States Munitions List (“USML”), not whether they are defense articles.

If the items are on the USML, they are by definition defense articles.   The very first sentence of the USML makes this crystal clear:

U.S. Munitions List. In this part, articles, services, and related technical data are designated as defense articles or defense services pursuant to sections 38 and 47(7) of the Arms Export Control Act.

This means that the only real question the court had to answer was whether the grenade mount and ammunition magazine were described in Category I(h) of the USML which covers “[c]omponents, parts, accessories and attachments” of firearms described in Category I, subparts (a) through (h). It doesn’t matter that these items can be used on airsoft or paintball guns any more than it matters that a cannon can be used in a circus act or a performance of the 1812 Overture. Certainly the magazine meets the definition of a component and the mount meets the definition of an attachment and that, pretty much, should have been the end of it.

Even so, the court decided that the items were defense articles not because they were on the USML but because an expert witness from DDTC said that they were defense articles. The expert in question was Robert Warren, formerly Division Chief of the Plans, Personnel, Programs, and Procedures Division of DDTC, an odd choice in comparison to, say, the division chief for the division that handles licensing for firearms.  In any event, the court noted that Warren testified that “a defense article as we termed it is anything that has a military significance or military application.”  And that, according to the court, settled the question as to whether the mount and the magazine were defense articles.

Of course, the idea that something is a defense article if it has a military application is the equally stupid mirror argument to the defendants’ nonsensical claim that something is not a defense article if it has a non-military use.  Under the standard articulated by Warren, a water canteen purchased at a camping store or a pair of camo pants purchased from a clothing store would be defense articles.

As noted above, there was no need for anyone to dive down this rabbit hole and figure whether the mount and the magazine were defense articles.  If they were described by Category I(h) as attachments and components of firearms then they were defense articles.  End of story.  No further proof as to whether they were defense articles was necessary.   And, given that the defendants did not appear to dispute that these items were components and attachments of firearms but only that they were defense articles, it is not unfair to accuse them of raising the fabled Chewbacca defense.

Photo Credit: Human Cannonball by Laura LaRose [CC-BY-SA-2.0 (http://creativecommons.org/licenses/by-sa/2.0)], via Flickr https://flic.kr/p/6shAzP [cropped and processed]. Copyright 2009 Laura LaRose

Permalink Comments (1)

Bookmark and Share


Copyright © 2017 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)


« Previous posts | Next posts »