The suspended export denial order is contained in the BIS settlement documents. The suspension is conditioned on the defendants complying with the plea agreement, i.e., paying the $1.25 million fine, and on the defendants not committing any export violations during the 10-year period of the suspended denial order.

Although the judge could theoretically impose jail time during sentencing scheduled for January 13, 2012, that seems unlikely. The absence of jail time and the suspended denial order are unusual in cases like this. I can only speculate that the relative leniency of the penalty, particularly the absence of jail time, is due to a deficiency in the government’s case which I pointed out in my initial posting on the indictment. Although the government had evidence that Shih knew that the computers that he was shipping to the UAE were ultimately destined for Iran, he also said in conversations with the government’s informant that he believed his actions were legal because he was only exporting the items to the UAE. A criminal export violation requires knowledge by the defendant that his actions are illegal and it appears that was going to be difficult to prove here.

Obviously this is only speculation on my part and there may have been other factors involved in the lenient treatment of Mr. Shih and his company. Still, my speculation seems pretty reasonable in this case.

China Daily is a great source of unintentional humor, and I really wish I had more time to peruse it. I did stumble across a recent opinion piece in China Daily on the rare earth export issue and, not surprisingly, there is much to snicker about in it, unless, of course, your business depends on the availabilities of the lanthanides, known to us non-technical sorts as the rare earth elements.

China initially justified its restrictions on exports of the lanthanides as a measure to encourage companies using lanthanides to relocate to China. Article XI of the General Agreement on Trade and Tariffs generally prohibits export quotas unless they fall within the exceptions set forth in Section 2 of Article XI or Article XX. Not surprisingly, efforts to distort international trade by forcing companies to relocate to the country imposing the quota is not within the exceptions set forth in GATT.

Somewhat later China began to cite the environmental impact of rare earth mining as a justification for the quotas. That argument was easily dismissed as a transparent ruse because China imposed no restrictions on rare earth mining for domestic use, no matter how loudly they complained the foreign exports of rare earths were killing Chinese workers.

Now, the article referenced by this post attempts to concoct another justification for its export quotas: national security. The article starts with a slam at the Wassenaar Arrangement which it claims is some kind of anti-socialist conspiracy by capitalist Western nations and a broad-based justification for China to impose any export controls it can dream up:

Export regulation was originally introduced for security issues. After World War II, the United States and other countries established the Coordinating Committee for Multilateral Export Controls (COCOM) against socialist countries; its successor, in effect today, is the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies.

In recent years the restrictions have become ever tighter. On June 19, 2007, the US Ministry [sic] of Commerce listed more than 2,500 kinds of technologies, devices, and materials banned [sic] for export to China.

Those familiar with the 2007 rule cited by China Daily, may wonder where the author came up with the idea that 2,500 kinds of technologies were banned for export. The rule imposed certain new license requirements for dual use items destined for use by the Chinese military but did not ban those exports. There were bans on items controlled for nuclear proliferation, missile technology, or chemical and biological warfare that would contribute to major Chinese weapons systems, but the 2,500 number is more than a little high as an estimate of the number of technologies involved.

More importantly, China’s claim that these restrictions are premised on national security would be more convincing if it had been its initial justification. And, of course, the Wassenaar list, which represents not a capitalist conspiracy but a multilateral consensus of strategic goods that require export controls, would permit China to exert export controls on the items on that list, items that don’t include the lanthanides.

Nevertheless, the usual suspects are predictably upset and see this as a slippery slope that culminates in the U.S selling fighter jets and atomic bombs to China

The C-130 proposal is obviously a toe in the water and, as such, should be rejected,” said John Bolton, former undersecretary of state for international security. “This administration seems to have two messages about America for foreign governments: weak and weaker.”

An administration official said that the waiver was not intended to allow the sale and export of C-130s to the Chinese government.

QUESTION: Just a quick one. As far as this – the Pentagon report to Congress on China, how much concern do you have as far as Chinese military buildup?

MR. CROWLEY: Well, it is a – it is something that we watch closely. It’s something that other countries in the region watch closely. We would like to have a fuller military-to-military relationship and dialogue so that we can better understand China’s long-term military plans, and that is something that we continue to seek.

What Crowley doesn’t mention is that it was China that cut off military-to-military contact between the U.S. and China last January after the last announcement of U.S. arms sales to Taiwan. These new sales aren’t likely to change the situation.

Called Advanced Persistent Threats (APT), the attacks are distinctive in the kinds of data the attackers target, and they are rarely detected by antivirus and intrusion programs. What’s more, the intrusions grab a foothold into a company’s network, sometimes for years, even after a company has discovered them and taken corrective measures. …

The Heartland and RBS attackers, and other criminal hackers of their ilk, tend to use SQL injections attacks to breach front-end servers. The APT attackers, however, employ undetectable zero-day exploits and social engineering techniques against company employees to breach networks.

… They attempt to take every Microsoft Word, PowerPoint and Adobe PDF document from every machine they compromise, as well as all e-mail, says Mandia. …

Last year, for example, an unidentified defense contractor discovered 100 compromised systems on its network, and found that the intruders had been inside since at least 2007.

APT attackers also appear to be well-funded and well-organized. In some cases, Mandiant has found multiple groups inside a network, each pursuing their own data in a seemingly uncoordinated fashion. …

Many entities don’t discover a breach until someone from law enforcement tells them. By then, it’s too late.

“By the time the government is telling you, you’ve already lost the stuff you didn’t want to lose usually,” Mandia says, noting that it’s generally not possible to ascertain everything that an attacker took.

While APT attacks are sophisticated, they use simple techniques to gain initial entry and, once inside, adhere to a pattern.

For starters, the attackers conduct reconnaissance to identify workers to target in spear-phishing attacks — such as key executives, researchers and administrative assistants who have access to sensitive information — and then send malicious e-mails or instant messages that appear to come from a trusted colleague or friend.

The e-mails have an attachment or link to a ZIP file containing zero-day malware that exploits Microsoft Office or Adobe Reader vulnerabilities. Google employees received an e-mail with malware that exploited a vulnerability in Internet Explorer 6 that Microsoft had not yet publicly disclosed.

Once the attackers have a foothold on one system, they focus on obtaining elevated access privileges to burrow further into the network. They do this by grabbing employee password hashes from network domain controllers — and either brute-force decrypt them or use a pass-the-hash tool that tricks the system into giving them access with the encrypted hash.

Not only should you be extremely cautious about email attachments and forwarded links, even from trusted friends, but also you might think about taking down your entry on LinkedIn or other business networking sites. Unless, of course, it’s already too late.

Consider this example cited in the article:

John Iliff, general manager of American Forge & Foundry, says the single shipment of oil-drainage tanks it received in 2006 from the CPMIEC unit set off no alarms. “Trading in illegal goods certainly never crossed our minds,” he says.

The shipment came from China JMM Import & Export Shanghai Pudong Corp., which didn’t appear on any sanctions list until Thursday. Records indicate the company shares an address and phone number with a CPMIEC unit that was previously banned: CPMIEC Shanghai Pudong Corp. The Treasury determined that the two companies are affiliated.

That designation of JMM Import & Export occurred just a few days ago on December 31, 2009, almost three years after the cited shipment. But there were several red flags that American companies might have picked up on before OFAC’s belated designation of the CPMIEC affiliate. Not only is there a similarity in the names of the two companies, but they shared the same street address. Standard procedure should be not only to check names on the SDN list but addresses as well.

But the larger issue here is that the obvious ease with which Chinese companies can morph into new entities effectively renders company-based sanctions almost completely ineffective. It’s obviously as easy for Chinese companies to rename themselves as it is for underage Chinese gymnasts to acquire new, earlier and eligible birth dates on official documents. I’m not so sure what the solution is here but it doesn’t appear to be imposing penalties or additional compliance obligations on U.S. companies that deal with affiliates of companies on the SDN list.

According to a Department of Justice press release, a federal grand jury indicted a California man and two of his companies — Fushine Technology, Inc., a California corporation, and Everjet Science and Technology Company, which is based in the PRC — for unlicensed exports of controlled microwave equipment to China.

Export prosecutions require proof that the defendant understood that the exports in question were illegal. Since there is often little dispute as to whether the exported item required a license or that a license was not obtained, this makes this scienter element the most important and interesting element of each case. Here the press release contains allegations that, if true, might go a long way towards showing the scienter element:

The indictment further alleges that the defendants knew about the licensing restrictions and specifically sought to circumvent them. The indictment quotes from an internal company e-mail in which an Everjet employee told a Fushine employee, “Since these products are a little bit sensitive, in case the maker ask you where the location of the end user is, please do not mention it is in China.” The indictment also quotes from another e-mail in which Lu advises a subordinate to pretend that the intended end-user for an item is in Singapore rather than China.

It seems to me that recent press releases, instead of merely focusing on the allegedly grave impact of the particular export on national security, have begun to provide much more information revealing the prosecution’s case for its claims that the exporter knew the export was illegal. And often the case revolves around emails sent to and from the exporter. Back in the days when exporters and their foreign customers communicated mostly by telex finding such proof was no doubt more difficult. But now the evidence may come, as allegedly it did in this case, wrapped up in a little gift package with a nice decorative bow on top and a subject line reading “Don’t tell anybody this chip is going to China.”

As the end of the year approaches, the Bureau of Industry and Security (“BIS”) has been busy releasing a flurry of settlement agreements for export violations. In the latest batch is a settlement agreement by Interpoint Corporation, a subsidiary of Washington-based Crane Aerospace and Electronics.

Crane agreed to pay BIS a $200,000 fine to settle charges that it engaged in 37 illegal exports of EAR99 items to China. In two instances, the exports were destined for the 13th Institute, an end-user in China on BIS’s Entity List. The remaining exports were alleged to violate section 744.3 of the Export Administration Regulation (“EAR”) because Interpoint had been informed that the items would be for use “in the PRC’s Long March [Chang Zheng] rocket program or in other commercial rocket programs.”

Section 744.3(a)(1) requires a license for any export to a country in Country Group D:4, which includes China, if the exporter knows that the item will be used for commercial (or other) rocket systems with a range in excess of 300 kilometers. The Chinese Long March rockets are designed to carry satellites into geosynchronous orbit, i.e. 35,786 kilometers above sea level on the Earth’s surface.

In instances in which the items weren’t destined for the Long March rockets, Interpoint knew that they were destined for other “commercial rocket programs,” although there is no allegation that Interpoint knew which rocket programs or that the rockets had ranges in excess of 300 kilometers. These exports were probably covered by section 744.3(a)(3), which requires a license for exports used in rocket systems by a country in group D:4 if the exporter is “unable to determine … [t]he characteristics (i.e., range capabilities) of the rocket systems.”

Although section 744.3(a) clearly embodies a knowledge requirement, the scope of that knowledge requirement is unclear, and the Settlement Agreement casts little light on this confusing issue. Was Interpoint required to know that the items were for use in the Long March rocket program and to know that the Long March rockets had a range in excess of 300 kilometers? Or was it enough that Interpoint knew that the items were destined for Long March rockets which, whether Interpoint knew it or not, had a range far in excess of 300 kilometers?

Section 744.3(a)(3) appears to answer part of this question by imposing a duty to investigate the range of the rocket: an export to a D:4 country requires a license if the exporter is unable to determine the range of the rocket. But that still doesn’t answer a more intransigent case. Suppose that the exporter is told falsely that the rocket is only designed to carry a payload to a Low Earth Orbit less than 300 kilometers? Of course, an exporter can avoid having to put itself in the uncomfortable position of answering that question by simply refusing to export parts without a license to a D:4 country if that part is to be used for a rocket of any range.

Two of the indicted men are or were employed by a Singaporean import/export company known as FirmSpace, Pte Ltd. A reporter for Singapore-based news website TODAYonline visited FirmSpace and discovered some interesting things:

For over a year, the company, Firmspace …, appears to have not had any business. But it has not laid off any employees and was even able to pay its staff promptly, said its receptionist, who only wanted to be known as Ms Vera.

“I found it quite strange but I never thought of asking the bosses, as long as I still got my salary,” she told Today. …

None of the three employees working in Firmspace knew what was sustaining the business, Ms Vera said. But she stated that Firmspace had been “involved in a few projects” — she didn’t know the nature of these projects, though — since it stopped its import and export business, but none of them were successful.

Ms. Vera and her two co-workers had the perfect job where they got to show up at work, do absolutely nothing at all, and still get paid. Who were they to step off this gravy train?

Of course, it doesn’t take an especially clever sleuth to guess what was going on:

TODAY’s checks revealed that Chinese nationals Mr Hou Xinlu and Mr Gao Xiang are listed as Firmspace’s directors. It is believed they are based in China.

Ya think?

Not surprisingly, Firmspace appears to be simply a front company set up by CAST or some other agency of the Chinese government to obfuscate Chinese efforts to obtain export-controlled items from the United States. This time it didn’t work out so well, since the Chinese front company tried to order the carbon-fiber material from a U.S. front company set up by the U.S. government to catch people trying to engage in illegal exports. Still, you have to wonder how many people get paid by the Chinese to sit at desk in a front companies used by the Chinese in their attempts to obtain sensitive materials from the United States and other countries.