Sep

22

Don’t Forget Croatia


Posted by at 7:43 am on September 22, 2016
Category: BISEncryption

Sea view. Rovinj, Croatia by Andrey[CC-BY-SA-2.0 (http://creativecommons.org/licenses/by-sa/2.0)], via Flickr https://flic.kr/p/5oVXCk [cropped and processed]

Yesterday, the Bureau of Industry and Security (“BIS”) announced various amendments to the encryption rules. I realize that the encryption rules are a sprawling mess, scattered through various sections of the EAR and written in an incomprehensible jargon that sounds like they were translated into English from a Vulcan paraphrase of the original Sanskrit. I also realize that your eyes understandably glazed over when you saw the word “encryption.” So I’ll try to make this as painless and entertaining as possible.

Let’s start with the really big news. Croatia has been added to the list of Supplement 3 Countries! Woohoo! For those of you aren’t really excited about this, that is probably because you forgot that if you are not a Supp. 3 country, there is a 30 day waiting period after a review request has been filed before encryption items described in 740.17(b)(2) and (b)(3) such as source code and high-performance network equipment can be exported to that country. And if those items were going to government end users in  country not on the Supp. 3 list, a license was required. So, today was declared a national holiday in Croatia and papier-mâché effigies of key BIS officials were draped with garlands and paraded through town squares across the country.

While we’re on the subject of government end users, the amendments create a new kind of government end user — “less sensitive government end users.” These are government agencies that are the toughest of their kind and at which you can hurl the most frightening insults — say, “you cabal of pointy-headed bureaucrats!” — without hurting their feelings. No, I’m just kidding with you. “Less sensitive government end users” are government agencies that are less likely to use encryption for evil purposes, like museums, water treatment plants and census bureaus.

The reason for identifying “less sensitive government end users” is that high performance network infrastructure equipment used to require a license to go to any government on the Naughty List (i.e., not on the Supp. 3 Nice list). Now these items can be exported 30-days after a review request is filed provided that it’s a less sensitive government end user.

The best news I’ve saved for last.  No more encryption registration numbers!  For the 50 or so companies out there who still don’t have an ERN, you’re off the hook.  Annual self-classification reports will still have to be filed; and the new format for the report, which is detailed in an amended Supplement 8 to Part 742, incorporates some of the information that used to be required by the ERN application.

For a summary of the remaining changes, including a long-needed update of the performance parameters for high performance network infrastructure equipment subject to higher encryption controls, you can read this excellent summary, which is mostly clear and more or less written in English, helpfully provided by the nice people at BIS.

Photo Credit: Sea view. Rovinj, Croatia by Andrey [CC-BY-SA-2.0 (http://creativecommons.org/licenses/by-sa/2.0)], via Flickr https://flic.kr/p/5oVXCk [cropped and processed]. Copyright 2008 Andrey

 

Permalink Comments (3)

Bookmark and Share


Copyright © 2016 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)



Sep

20

Get in Line


Posted by at 11:44 pm on September 20, 2016
Category: General

title=

OFAC just released reports for the second, third and fourth quarters of 2015 on its licensing activities under the Trade Sanctions Reform and Export Enhancement Act of 2000 (“TSRA”). These reports are required by TSRA, although they are required in a significantly more timely fashion — namely, within the next calendar quarter.

So these are all anywhere from a year to six months late. No explanation is offered for their tardiness. No poor dog lounging in a pile of shredded paper is blamed. No note from a gastroenterologist is offered. Nope, OFAC just walks up, drops these on the assignment pile and saunters back to its desk in the rear of the classroom and stares at the teacher with its legendary you-say-a-word-and-I’ll-block-all-your-stuff look

It is not then, I suppose, what we in the blog business call a “stupendous shocker” that these reports reveal that processing time for TSRA applications has gotten slower and slower and slower. In the second quarter the average processing time for licenses was 71 business days; 77 business days for the third; and 88 business days for the fourth. These are all in “business days” because 71, 77 and 88 don’t sound as bad as 14 weeks, 15 and 18 weeks or 2, 2.5 and 3 months.

But actually it looks like these numbers are, shall we say, fudged a bit to make them, as bad as they are, look better than the real numbers. In the second quarter, there were 246 applications filed and only 59 applications acted on. In the third quarter, there were 191 applications filed, of which 79 were acted on. Finally in the fourth quarter, only 156 of the 185 application filed were acted on. That leaves 328 applications, or more than half of the applications filed during the relevant time period, still languishing at the bottom of a drawer somewhere at OFAC.

So claiming an average processing time in the last three quarters of 71, 77 and 88 business days is, well, baloney. It’s like saying that you won the marathon because you had the shortest time even though you ran only half the course. That explains why all of you out there with TSRA applications which disappeared into the regulatory maw several years ago and haven’t been seen since snorted your coffee out your nose when you saw 75 or so days as the average processing time claimed by OFAC.

Photo Credit: Queue by Lars Ploughman [CC-BY-SA-2.0 (http://creativecommons.org/licenses/by-sa/2.0)], via Flickr https://flic.kr/p/5V9pju [cropped and processed]. Copyright 2009 Lars Ploughman

Permalink Comments Off on Get in Line

Bookmark and Share


Copyright © 2016 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)



Sep

14

Burma Sanctions Will Sunset (No OFAC Action Necessary)


Posted by at 11:46 pm on September 14, 2016
Category: Burma SanctionsOFAC

Bagan by Staffan Scherz [CC-BY-SA-2.0 (http://creativecommons.org/licenses/by-sa/2.0)], via Flickr https://flic.kr/p/aAeXsZ [cropped and processed]President Obama announced today, after meeting with the newly elected President of Burma, that he intends to lift all remaining sanctions on Burma. With unusual alacrity, at least for the Office of Foreign Assets Control (“OFAC”), that agency issued FAQ #480 stating that its sanctions against Burma would disappear the moment that the President issues an executive order terminating the national emergency with respect to Burma. In other words, the Burmese Sanctions Regulations will immediately become ineffective even if it takes, as it probably will, months for OFAC to get around to pulling them down or issue a rule repealing them.

Of course, and not surprisingly, that FAQ may not be true. The restrictions on the import of jade and rubies from Burma were imposed by the infelicitously named “Tom Lantos Block Burmese JADE (Junta’s Anti-Democratic Efforts) Act of 2008” and cannot be removed until the White House makes certain notifications to Congress.

There is also the question of the status of blocked individuals after the President declares that the national emergency with respect to Burma is over. Section 5(b)(1) automatically blocked the property of certain persons in Burma and section 5(h) requires congressional notification before waiving that sanction. In 2009, the President issued a waiver as to all such persons not listed on the SDN List and that waiver has been congressionally notified.

But is President Obama really intending to remove everyone on the SDN List designated under the Burma sanctions including Steven Law and his companies such as Asia World? Law is on the list for narcotics trafficking, and there seems little reason to rehabilitate him simply because Burma has a democratically elected government. But if Law and his companies remain on the SDN list and the regulations go away, what happens to General License No. 20, which permits goods to be exported to Burma through Asia World ports? Without that license, exports to Burma from the United States will effectively be halted again.

Perhaps we need a few more FAQs.

Permalink Comments (2)

Bookmark and Share


Copyright © 2016 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)



Sep

13

Flowers for Ahmadinejad


Posted by at 9:25 pm on September 13, 2016
Category: Iran SanctionsOFAC

Sorbet Autumn Select Mix Viola via http://photolibrary.ballhort.com:8085/pasapprovedimages/api/v1/asset/319358/preview [Fair Use]The Office of Foreign Assets Control (“OFAC”) today fined a company a whopping $4,320,000 for selling things to Iran. Oh wow, you say, this must have been some really bad stuff like, say, high-powered computers or drones, right? Yep, really dangerous stuff — flower seeds. As in, the things you bury in your backyard and hope sprout up as zinnias.

Well, okay, so maybe they didn’t sell anything dangerous. The company, which is PanAmerican Seed in Illinois, must have sold like a billion dollars worth of seeds, right? Um, we don’t know the value of the seeds. For some reason OFAC won’t say. This is odd because OFAC almost always says what the value of the shipments was. OFAC does say something surpassingly strange about the dollars involved, something it’s never said before. In aggravating factor 4, OFAC says this:

PanAm Seed engaged in this pattern of conduct over a period of years, providing over $770,000 in economic benefit to Iran.

Now this is definitively not the value of the shipment. If $770,000 was the price of the exported goods, then PanAmerican which, presumably, was paid for the seeds by people in Iran, got the $770,000 benefit, or at least however much of that price represented its profit. I suppose this means the profit Iranians made after planting the seeds and selling the flowers, although how OFAC figured that out is rather hard to discern. And if the profits made by Iranian on the seeds is the economic benefit to Iran, then the value of the shipments had to be well south of that figure.

Why OFAC would go to such length to obfuscate the value of the shipments is unclear. Leaving aside that we are talking about petunia seeds here, PanAmerican Seed, at least if OFAC is to be believed, did not behave well. Apparently, it knew what it was doing; it concealed the ultimate destination of the shipments; it refused to cooperate with OFAC when it was turned in; and it apparently provided “inaccurate, misleading, or incomplete” information to OFAC

In any event, it still seems that OFAC has better things to do than to tiptoe through the tulips in Tehran.

Permalink Comments Off on Flowers for Ahmadinejad

Bookmark and Share


Copyright © 2016 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)



Sep

7

Brace Yourself: OFAC Fines Orthodontic Device Company


Posted by at 10:02 pm on September 7, 2016
Category: General

WCT Headquarters via http://www.worldclasstech.com/images/history/WCT-Building.jpg [Fair Use]Today the Office of Foreign Assets Control (“OFAC”) fined Oregon orthodontic device manufacturer World Class Technology Corporation $43,200 for seven shipments of orthodontic devices valued at $59,886 to Iran. The shipments in question were transshipped through Germany, UAE and Lebanon.

OFAC noted that there were three aggravating factors. First, the company did not confess its sins voluntarily to OFAC but instead got caught. Second, company executives knew the orthodontics were going to Iran. Third, the company disrespected OFAC by not having an OFAC compliance program until 2008.

There is, of course, more than a little absurdity in the idea that every company in the U.S. must have an OFAC compliance program or bear the wrath of the agency. WCT is estimated to have between 50-99 employees. Its headquarters are pictured on the left. It has under $20 million in revenue per year currently and, no doubt, much less before it adopted its compliance program in 2008. How many agencies must small businesses bow down to through adopting compliance programs designed to assure that they do not transgress the regulations of that agency? Would any of them ever get any business done if they did?

OFAC cited five mitigating factors, which presumably saved WTC from a company crushing $1.75 million fine which OFAC noted was the statutory maximum. First, the transaction would likely have been licensed. Second, WCT had no sanctions history in the previous five years. Third, WCT agreed to toll the statute of limitations — the penalty imposed today covered violations dating back to 2008. Fourth, WCT ultimately adopted a compliance program. Fifth, WCT “lacked commercial sophistication in conducting international sales.”

The real face-palm moment here is mitigating factor five. OFAC admits that WCT should be given a break because it didn’t have the commercial savvy to understand that it was violating OFAC regulations. Only a few nanoseconds before OFAC was criticizing the company for not having an OFAC compliance program. How does this add up? Do they cancel each other out? More likely, OFAC wants to have it both ways rather than to confront the ugly fact that it has absolutely no outreach to small businesses like WCT, and itself bears some measure of blame for the exports of unsophisticated companies.

Permalink Comments (3)

Bookmark and Share


Copyright © 2016 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)


« Previous posts | Next posts »