Jun

7

Epsilon, The Unvanquished: Pt. 2


Posted by at 8:07 am on June 7, 2017
Category: Iran SanctionsOFAC

Soundstream Audio Car via https://www.instagram.com/p/BT5bEvfBw-p/?taken-by=soundstreamusa [Fair Use - Soundstream is Epsilon sub]Last week I posted on the D.C. Circuit Court of Appeals’s opinion setting aside the $4 million fine that the Office of Foreign Assets Control (“OFAC”) imposed on Epsilon Electronics for shipping weapons of mass destruction (namely, subwoofers and other car audio pimping items)  to Iran.  As noted in the prior post, the D.C. Circuit came to the somewhat astonishing conclusion that you could violate the prohibition on exporting to Iran if there were red flags that your shipment might be diverted from the country of export to Iran even if that shipment ultimately did not wind up in Iran. Even so, the Court set aside the jaw-dropping fine and sent the case back to OFAC for further consideration.

Having found that OFAC did not need evidence of a shipment to Iran to fine someone for exporting to Iran, the Court then took the paradoxical position that OFAC erred by not considering evidence that five of the thirty-nine shipments involved might not have actually gone to Iran. The emails in question were ones that “contemplate[d] [Epsilon] products being sold out of the Asra store in Dubai.” The Court explains this apparent inconsistency by saying that these emails tended to show that Epsilon “did not have reason to know those shipments were specifically intended for reexport to Iran.” Remember, the Court has taken the position that, in the Court’s version of “ordinary English usage,”  you are “exporting” something to someone if you have reason to know it might go to that party even if it never does.

Leaving aside this metaphysical and linguistic conundrum about un-exported exports, the Court’s discussion of OFAC’s treatment of the ignored evidence is instructive.

Government counsel explained at oral argument that OFAC did not consider the emails credible evidence. We can infer as much from the agency’s liability finding. But we lack an explanation, from the record, of why they are not credible, and why they do not counsel against liability for the final five shipments.

The only discussion of the credibility of these emails in the record was an internal OFAC memorandum not provided to Epsilon, but the Court dismissed its reasoning. That memo argued that the Asra store opened after all but two of the five shipments in issue had been sent, but the Court noted that this would not rebut an inference that the earlier shipments were meant for sale at the store when it opened. Even more significantly, the Court noted:

We also note the low value of the last five shipments, two of which were worth just over one hundred dollars apiece. At the
time those shipments were sent, Epsilon knew its dealings with Asra were under OFAC investigation. OFAC did not explain why Epsilon would knowingly risk fines of up to $250,000 per shipment in return for such a small reward.

This is, of course, an excellent point and it could go much further than the case at hand. It is, indeed, a legitimate question that can be raised almost any time OFAC or the DOJ go after low-value exports.  Of the many things in the opinion for OFAC to dislike, I bet this part of the opinion is at the top of their list.

Permalink Comments Off on Epsilon, The Unvanquished: Pt. 2

Bookmark and Share


Copyright © 2017 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)



May

31

Epsilon, the Unvanquished


Posted by at 7:02 pm on May 31, 2017
Category: Iran SanctionsOFAC

Soundstream Audio Car http://www.soundstream.com/images/intl-team/pic/england/england/images/new/UK%20(1).jpg [Fair Use - Soundstream is Epsilon sub]We have followed the saga of Epsilon Electronics extensively, beginning with the posts titled The Auto Sound and the OFAC Fury Part I and Part II followed by Epsilon, Epsilon and, then, As Epsilon Lay Dying, which discussed the federal district court’s decision reviewing OFAC’s $4.073 million fine imposed on Epsilon. Epsilon has persevered, and now the D.C. Circuit Court of Appeals has spoken in an opinion setting aside the fine and remanding the case back to OFAC for further proceedings.

I am going to break my thoughts on the D.C. Circuit’s opinion into several posts. This post will deal with an issue that Epsilon lost, namely its argument that it couldn’t be fined under section 560.204 of the Iranian Transactions and Sanctions Regulations (“ITSR”) without a showing that its products wound up in Iran. At issue were shipments Epsilon made to a distributor in Dubai that OFAC said only or mostly dealt with Iran. OFAC’s argument was that 560.204 was violated when Epsilon shipped the goods to Dubai when it knew, or should have known, that the goods would then be exported to Iran. According to OFAC, the shipment to Dubai was the violation of the ITSR whether or not the goods ultimately made it to Iran. (Significantly, OFAC did not charge Epsilon with attempt under section 560.203, where it would clearly not require a showing that the goods wound up in Iran.)

Section 560.204 prohibits exports to Iran “including the exportation … to … a third country undertaken with … reason to know that such goods … are intended specifically for … re-exportation, directly or indirectly, to Iran.” Using a somewhat bizarre analogy the Court reasoned that a shipment to Dubai with reason to know the goods were going to Iran was an “export to Iran” even if the goods never got to Iran.

Suppose you put a birthday card in the mail, addressed to your brother. While the card is still en route, your mother asks you, “Did you send a card to your brother?” In line with OFAC’s usage, you would respond, “I sent a card to him, but it hasn’t arrived yet,” because you put the card in transit, intending it to reach him. Following Epsilon’s usage, though, you would have to say, “I didn’t send a card to him,” because the card has not yet arrived.

This strange analogy fails because here the card is not put in the mail addressed to the brother. Instead, it was put in an envelope addressed to a third party with a note saying that if the third party saw the brother he should give this card to him. When Mom asked about the birthday card, only the most reprobate of siblings would respond that he sent the card to his brother. “No, Mom, but I did send it to Joe Schmo with a request that he give it to Bill if he sees him.”

The dissenting opinion by Judge Silberman notes that the majority opinion’s notion that a shipment to Dubai with reason to know it was going to Iran was an “export to Iran” is a notion that is inconsistent with OFAC’s decisions below. Judge Silberman points to a statement made by OFAC in the penalty proceeding that “multiple facts tend to show that the goods exported to Asra were sent to Iran,” which, “fudged the answer to the crucial question” whether a violation occurred without regard to whether goods ever wound up in Iran.

In my view there is another reason that section 560.204 can’t be read in the fashion suggested by the majority opinion. The statutory basis for the regulation is the International Emergency Economic Powers Act which, in section 1702, provides the power to the President to bar exports to a foreign country after declaring an emergency with respect to that country.  A declaration of national emergency has, in fact, been issued with respect to Iran. But, section 1701(b) of IEEPA provides:

The authorities granted to the President by section 1702 of this title may only be exercised to deal with an unusual and extraordinary threat with respect to which a national emergency has been declared for purposes of this chapter and may not be exercised for any other purpose.

Here Epsilon shipped product to Dubai. Its alleged “reason to know” that the goods might go to Iran was that the distributor had business in Iran. Even if the distributor was contractually obligated to sell the goods only in Dubai and that’s the only place they were sold, OFAC’s reasoning would be that this “reason to know” was enough for there to be a violation. That, I think, does not deal with an emergency declared with respect to Iran. This would not even qualify as an attempted export to Iran, which I think is the farthest limit that IEEPA permits sanctioning an activity without an actual export to Iran.

Permalink Comments Off on Epsilon, the Unvanquished

Bookmark and Share


Copyright © 2017 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)



May

19

Maria, Maria, I Just Met a Scam Named Maria


Posted by at 9:14 am on May 19, 2017
Category: OFAC

Maria Duval by Decce via Wikipedia https://en.wikipedia.org/wiki/Maria_Duval#/media/File:Psychic-Maria-Duval.jpg [Public Domain]

Last September, I wrote about the designation by the Office of Foreign Assets Control (“OFAC”), under the Transnational Criminal Organization (TCO) program, of Paul Davis, Pac-Net and related entities along with a number of officers, directors and employees of those companies.  Prior to these designations, only ten individuals and entities (comprising seven organizations) had ever been designated under the TCO program.  The original post focused on the nightmare that this would cause for the hundreds of thousands of people with the misfortune to be named Paul Davis.

But there was another fascinating aspect to this story.   The reason for the designations involved, at least in part, Pac-Net’s processing of payments by U.S. citizens, principally uneducated, elderly or otherwise vulnerable, in the Maria Duval psychic scam. Although the $180 million dollars this scam obtained from its victims pales in comparison with Bernie Madoff’s $20 billion Ponzi scheme, it still ranks as one history’s biggest swindles.  Victims, found on so-called “sucker lists” compiled by other direct mailers who have sold over-priced junk to people, received letters signed by Maria Duval claiming that she had a personal vision involving the recipient and that she would be glad to share that — for a fee, of course.  The real Maria Duval, a small-time French psychic fraudster, claims that she sold her name some years ago to a mysterious Swiss consortium which was responsible for the larger scam. (Read the fascinating details here.)

Earlier this week OFAC de-listed Raffaella Ferrari, who was the director, administrator, or shareholder for several PacNet-linked companies in Italy and the United Kingdom.  Last month, OFAC removed  two other individuals associated with Pac-Net from the SDN List.  No reason is given for these removals, but the relative rapidity with which they occurred, at least when compared with the normally glacial speed required to be removed from the SDN List, suggests that these individuals were probably victims of a “block-first-ask-questions-later” approach used by OFAC for the original designations.  The large number of individuals designated  certainly suggested the possibility that OFAC targeted anyone that the agency could identify as having any connection to Pac-Net.

In connection with the designations, OFAC put on its website a frankly rather silly, and not very useful, organizational chart complete with pictures of some of the individuals involved with Pac-Net.  Interestingly, not one of the three now-unblocked individuals was important enough to appear in the chart’s photographic rogues gallery.  This may explain the reason for their rapid unblocking better than anything else.

 

Permalink Comments Off on Maria, Maria, I Just Met a Scam Named Maria

Bookmark and Share


Copyright © 2017 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)



May

16

Send 3 Bitcoins to the Norks or You’ll Never See Your Files Again!


Posted by at 9:42 pm on May 16, 2017
Category: North Korea SanctionsOFAC

Kim Jong Un Wonders What To Do With Tennis Shoes via DPRK Twitter Feed[Fair Use]Security researchers have indicated that they have found Kim Jong Un’s pawprints all over the code used for the WannaCry ransomware, stolen from the CIA vaults by Vladimi Putin’s BFFs at WikiLeaks.  This, of course, raises the question as to whether companies that got locked out of their files by the ransomware violated the U.S. sanctions on North Korea if they paid the Bitcoin ransom to free their files.

The first part of that question that needs to be answered is whether U.S. sanctions are violated just by sending money to someone in North Korea.  You can’t answer that question by looking at OFAC’s Nork sanctions regulations, because they are woefully out of date.  The provisions in the regulations prohibit dealings with blocked parties in North Korea. But Executive Order 13722, issued on March 18, 2016, prohibits the unlicensed export of services by a United States person or from the United States to North Korea.  In OFAC’s view, sending money to North Korea is an export of financial services to that country.

So obviously a Bitcoin ransom payment, if it winds up in Kim Jong Un’s hands, is a problem for U.S. persons.   It looks like most of the ransom payments made so far came from outside the United States.   What about them?  All my readers should know that OFAC takes the position that if payments are made to sanctioned countries in U.S. Dollars, that is an export of financial services from the clearing bank in the United States to the sanctioned country.  But Bitcoin payments  don’t involve any banks.  That’s the whole point.  So no problem, right?

Not so fast.   Think about how Bitcoin and the blockchain works.  Any time a payment is made it will be reflected on the blockchain of all Bitcoin transactions and will be propagated to all computers running Bitcoin software — including a massive number of computers in the United States.

All that being said, there are a few practical roadblocks between a Bitcoin ransom payment to the Norks and an OFAC investigation.  First, the Chiquita case aside, there has been a general hesitance to go after people who pay these ransoms.   To begin with, it looks bad.   What government agency wants to go after a shipping company that pays off Somali pirates to protect their crew and property even if one or more of the pirates turns out to be an SDN?  (The most OFAC has done here has been to say that payments should not be made to SDN pirates but never explained how to figure out whether the pirate is an SDN.   Do you ask him to fax you his passport before the helicopter drops the ransom money on the deck?)

Second, there are difficulties in proving the identity of persons to whom Bitcoin payments are made.  Presumably the Norks would not have been stupid enough to establish the Bitcoin wallet or wallets using traceable IP addresses and were using clean addresses for each ransom transaction.  So the de-anonmyzing of the people receiving the Bitcoin payments would rely on vulnerabilities in TOR and methods to link multiple transactions by analyzing the blockchain itself. The various techniques do not always work but they can in certain circumstances. However, how likely is it that OFAC will engage in these analyses to track down the ultimate recipient of the ransom payments?

Bonus round:  In case you haven’t been reading the Twitter feed of the Nork news service, you will have missed this

Permalink Comments (2)

Bookmark and Share


Copyright © 2017 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)



May

3

Maybe BIS Should Read This Blog More Often


Posted by at 6:21 pm on May 3, 2017
Category: BISEntity ListOFACRussia Sanctions

Vladimir Putin via http://en.kremlin.ru/events/president/news/27394 [Fair Use]Way back in January of this year, I pointed out a problem that the Bureau of Industry and Security (“BIS”) and the Office of Foreign Assets Control  (“OFAC”) may have unwittingly created for U.S. manufacturers of encryption-enabled products, i.e., virtually anything that touches the Internet or a private network.  Both agencies had imposed sanctions on the FSB, the Kremlin spy agency formerly known as the KGB.  The problem with this otherwise laudable move is that the FSB regulates import of encryption products into Putinstan, er, Russia, and these restrictions could effectively prevent exports of U.S. encryption items into Russia.  This would happen because U.S. exporters were forbidden from filing the necessary paperwork with the FSB by virtue of its addition to OFAC’s SDN List and BIS’s Entity List.

Well, OFAC heard the howls of industry and in just after a little more than a week after the issue had come to light issued General License 1 to permit the filing with the FSB of the necessary paperwork for imports of these products.  BIS, however, slept through those howls and did nothing.   The original post on this problem had noted the difficulties posed by BIS having put FSB on the Entity List.   It was at least possible that the FSB notification and application forms could contain unpublished EAR99 technology regarding the device to be exported to Russia, in which case a BIS license would be necessary before the notification or application could be sent to the FSB.   That would be the case even after the OFAC General License authorized the notification and application forms to be sent

Rip van BIS-winkle has finally roused itself from its slumber on this issue.  On April 17, 2017, BIS amended the Entity List designation for FSB to remove the license requirement for transactions for “items subject to the EAR” that are “related to transactions that are authorized by the Department of the Treasury’s Office of Foreign Assets Control pursuant to General License No. 1 of February 2, 2017.” What do you want to bet that a number of FSB applications were filed with technology “subject to the EAR” without the required license before this amendment to the Entity List? Technology, even technology relating to an EAR99 item, is subject to the EAR unless it has already been published or has arisen during “fundamental research.” Few people would think that unpublished information about a commercial EAR99 item would require a license. Most people probably felt that the OFAC General License got them to the finish line when dealing with the FSB. It now does, but it did not before April 17.

Permalink Comments Off on Maybe BIS Should Read This Blog More Often

Bookmark and Share


Copyright © 2017 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)


« Previous posts | Next posts »