Archive for the ‘Deemed Exports’ Category

Aug

21

We Apologize for the Inconvenience

Posted by at 5:56 pm on August 21, 2012
Category: DDTCDeemed Exports
DDTC HQ
ABOVE: DDTC offices in DC

The Directorate of Defense Trade Controls (“DDTC”) has just revised its guidance on licensing foreign persons employed by U.S. persons. Foreign persons that will have access to ITAR-controlled technical data need to be licensed by DDTC prior to obtaining access to that technical data, and the guidelines describe how to use licensing application form DSP-5 to obtain the requisite license.

The revised guidelines contain only one change, and it is a footnote inserted at the beginning of the document relating to the enforcement of anti-discrimination provisions by the Office of Special Counsel in the Civil Rights Division of the Department of Justice. The oddly vague footnotes reads in its entirety as follows:

The ITAR imposes a license requirement for the export of U.S. defense articles and defense services to foreign persons. The ITAR does not, however, impose requirements on U.S. companies concerning the recruitment, selection, employment, promotion or retention of a foreign person. Federal law prohibits discrimination in hiring, firing, or recruitment/referral for a fee based on an individual’s citizenship status or national origin. See Section 274B of the Immigration and Nationality Act (INA), 8 U.S.C. § 1324b. Unless otherwise required to comply with law, regulation, executive order, government contract, or determination by the Attorney General of the United States, discrimination based on an individual’s citizenship status is unlawful. The Office of Special Counsel for Immigration-Related Unfair Employment Practices (Office of Special Counsel) in the Civil Rights Division of the United States Department of Justice enforces Section 274B of the INA. The Office of Special Counsel, located in Washington, D.C., has issued public guidance relating to non-discriminatory practices when complying with ITAR. For additional guidance, please contact the Office of Special Counsel at [email protected], its employer hotline at 1-800-255-8155, or visit its website at www.justice.gov/crt/about/osc.

You would not be alone if your first reaction to this elliptical mish-mash of bureaucratese and CYA-speak does not seem to make any sense. It seems to be saying that the ITAR requires you to discriminate against non-citizens and that the Immigration and Nationality Act makes it illegal to discriminate against non-citizens and it is entirely up to you to figure out how to comply with both requirements at once. So long, poor exporter, and thanks for all the fish.

This problem is complicated by the footnote referencing “public guidance” by the OSC without, of course, bothering to provide, you know, something helpful like a link to that guidance. In fact, the OSC hasn’t issued anything that might fairly be called public guidance on how to navigate the Scylla of the ITAR and the Charybdis of the INA. Instead, I was able to locate two “Technical Assistance Letters” issued by the OSC in response to narrow questions posed by members of the public.

The first said that it was illegal for employers to use documents gathered in the I-9 process to determine whether the employee was eligible to receive ITAR-controlled technical data. It said, somewhat confusingly, that the employer must gather documents establishing ITAR eligibility in a “separate and distinct verification procedure,” whatever that means.

The second technical assistance letter advises that employers may inquire whether applicants are citizens of embargoed countries for purposes of complying with export obligations “as long as such inquiries were made uniformly and without the intent to discriminate on the basis of national origin or citizenship status.” Just to keep things confusing, the letter says that the OSC reserves the right to examine the “totality of the circumstances” to determine whether an inquiry related to citizenship in an embargoed country was nevertheless discriminatory notwithstanding the export issue.

Reading between the lines of these two OSC letters, there is one thing that can be said with certainty about simultaneous compliance with the INA and the ITAR. Because permanent residents, refugees and asylees are entitled to receive ITAR-controlled technical data and employer may not, in an effort to comply with the ITAR, limit employment to U.S. citizens or even to U.S. citizens and permanent residents. Beyond that, you are pretty much on your own in reconciling the two regulatory schemes, with each agency helpfully pointing its fingers at the other for guidance.

Permalink Comments (6)

Bookmark and Share


Copyright © 2012 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)
Apr

30

Danger, Danger, Will Robinson! Deemed Exports Ahead!!

Posted by at 6:51 pm on April 30, 2012
Category: BISDDTCDeemed Exports

Medical LabA long article published today on the Bloomberg News website tells the story of a voluntary disclosure by Georgia Tech after one of its instructors inadvertently posted some export-controlled data on the Internet. The article follows this anecdote up with a ton of (virtual) ink about how universities are giving away all of our military secrets and how we shouldn’t be surprised when this results in the U.S. becoming a satellite province of China or Iran.

First, here’s what the story reveals about the Georgia Tech voluntary disclosure. According to the story, a research scientist at the university wanted to put course materials and videos of his lectures for his course “Infrared Technology and Applications” on a DVD because he was planning to retire and he wanted to use these materials to train his successor. When the university’s media staff encountered problems putting the video and materials on DVD, they suggested making the information available by a link. The research scientist approved this idea, thinking that it was an internal link, whereas it was an ordinary Internet link. The material was available online for about three weeks before the mistake was discovered and the materials were taken down. Although the video received hits only from the United States, some of the Powerpoint slides that were posted received hits from foreign countries, including 33 from China and one from Iran. The university disclosed this lapse to the Directorate of Defense Trade Controls which issued a warning letter but imposed no penalties, something which appears to have scandalized the Bloomberg reporter.

Above and beyond the description of the Georgia Tech voluntary disclosure, the article takes a Chicken Little approach to the dangers posed to national security by university research:

Eager to preserve their culture of openness and global collaboration, campuses are skirting — and even flouting — export-control laws that require foreigners to hold government licenses to work on sensitive projects.

To support this startlingly broad conclusion, the reporter humps the Roth case for all it is worth and cites some voluntary disclosures by several universities. That doesn’t much sound like “flouting” export rules to me, but perhaps Bloomberg has a different definition of that word.

For those familiar with the sorts of information which may be export-controlled (but not classified), it is hard to get too worked up about the national security implications of this. After all, business proprietary information about how to make handcuffs is controlled under the Commerce Department’s rules. Suffice it to say, things that are of real concern are classified. Accordingly, I am not scandalized when voluntary disclosures by universities relating to deemed exports result in warning letters rather than jail time for everyone involved as the reporter seems to think is appropriate. And because “fundamental research,” which is exempted from export controls, is an incredibly vague term that is difficult to apply in many contexts, overzealous enforcement of export rules to university research would have an unwarranted chilling effect on that research given the number of foreign students at almost every college and university. Well, I suppose colleges could adopt an American-only admissions policy, and I wouldn’t be surprised if there weren’t certain advocates of deemed export controls who secretly wish for such national homogeneity at our institutions of higher learning.

Permalink Comments (6)

Bookmark and Share


Copyright © 2012 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)
Apr

18

Updates on Bird Flu and Nail Polish

Posted by at 5:35 pm on April 18, 2012
Category: Deemed ExportsIran SanctionsOFAC
Gregory Schulte
ABOVE: H5N1 virus

Civil disobedience and export laws: those are two concepts not often linked together. But it appears that a Dutch researcher on the H5N1 avian virus is planning to tell Dutch authorities to take a hike and will submit his research to a U.S. journal even though the Dutch government has declared that the research is export-controlled.

This issue was discussed in an earlier post on this blog that discussed how decisions by U.S. researchers to restrict dissemination of some research on the bird flu virus might disqualify the research from the fundamental research exception and make it difficult to share the research with colleagues in other countries. Those restrictions were ultimately removed and the research is not considered export controlled in the United States. Dutch authorities have relied on those initial restrictions to declare the research controlled and have told the researcher that he could not submit the research to foreign journals for publication.

Now Fouchier [the Dutch researcher] says that he is prepared to defy the government and submit the work anyway, an action that could cost him up to 6 years in prison or a $102,000 fine. …

“We simply will never apply for an export permit on a scientific manuscript for publication in a journal. We do not want to create a precedent here,” he told Nature. “We might end up in court indeed if they insist on censorship.”

As an unrelated update, this blog yesterday posted on the $450,000 fine levied on Essie Cosmetics for exports of nail polish to Iran. Several readers have emailed me to suggest that the high fine was based not on the strategic implications of nail polish exports but on, shall we say, an uncooperative attitude by Essie in dealing with OFAC. That’s not hard to believe because, notwithstanding Essie’s expensive dust-up with OFAC, the cosmetic company’s website still has Iran in the drop-down list of countries in forms on its website.

Permalink Comments (2)

Bookmark and Share


Copyright © 2012 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)
Aug

9

Are You Now, or Have You Ever Been, a Spy?

Posted by at 5:00 pm on August 9, 2011
Category: DDTCDeemed ExportsTechnical Data Export

QuestionnaireWith the August 15 implementation date for the new dual and third country national rule fast approaching, I wanted to comment briefly on the Sample Questionnaire that the Directorate of Defense Trade Controls (“DDTC”) has proposed as an example of something foreign companies should use to review whether a dual or third-country national has “substantive contacts” with other countries. Under the new rule, foreign companies covered by a technical assistance agreement (“TAA”) can share technical data with full-time employees who are also nationals of countries other than the company receiving the data under the TAA. One of the conditions, however, for using that rule is that the foreign licensee must examine the “substantive contacts” of that third-country or dual national with other countries to determine whether there is a risk of diversion of the technical data outside the home country of the foreign licensee.

The sample questionnaire proposed by DDTC represents the agency’s suggestion as to one way that such screening should take place. Some of the questions are poorly drafted, and many of the others are just plain silly and can be roughly paraphrased as simply asking the person involved whether or not he or she is a foreign spy — as if they would answer that question truthfully if they were.

In the poor drafting category, we have this question:

Do you have business contacts, business partners, business contracts, brokers, or any other relationship with a business in another country or other countries subject to U.S. or U.N. embargo?

Because the question as to whether there are contacts with “another country” would necessarily include countries subject to embargo, the final clause is unnecessary and potentially confusing.

Also in the poorly drafted category, we have this incredibly broad inquiry:

Have you ever served in or provided information to the government of another country (e.g., military, foreign ministry, intelligence agency or law enforcement)?

Anybody who has ever traveled to a foreign country would have to answer this affirmatively because of the requirement to provide information to customs and immigration officials upon entry in to the country. And, of course, a third country national will have provided tons of information to his home country government in terms of tax returns, driver’s license applications, and the like. And what about state-owned enterprises? Does information provided to them constitute information provided to the government?

Then we have the “are you a spy” questions:

Do you have contacts with any other individuals or groups involved in acquiring controlled defense articles, including technical data, illegally or otherwise circumventing export control laws? Please explain the nature of that contact.

Do you have contacts with agents from another country or another country’s government?

Do you have contacts with agents from another country or another country’s government?

It is a little known historical fact that Mata Hari, when asked questions of these sorts, broke down into tears, confessed to the French government that she was a spy and asked to be immediately taken to the firing squad for execution.

The questionnaire also has the dual or third country national attest that he or she has given the company complete and accurate “social networking addresses.” Apparently whoever wrote this had heard that all the kids these days do these Twitter and Facebook thingies but didn’t really understand how any of them worked. There really isn’t any such thing as a “social network address,” unless the DDTC expects that something like www.facebook.com be provided as a response to this question. Presumably the idea here would be that the employee has allowed the company to follow or “friend” the employee on Facebook, Twitter, Google Plus or the like. This would mean, I guess, that the foreign licensee will then inspect all the tweets or postings of the employee to make sure that he or she hasn’t said in one or more of them that they are passing controlled technical data to foreign government agents. It is probably easier just to not use the exemption.

Permalink Comments (2)

Bookmark and Share


Copyright © 2011 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)
Jul

26

Cloudy, With A Chance of Heavy Fines

Posted by at 5:45 pm on July 26, 2011
Category: Deemed ExportsExport ReformTechnical Data Export

Cloud ComputingThe Brookings Institution just issued a brief report entitled “Addressing Export Control in the Age of Cloud Computing.” The report raises more issues than it answers, which is not surprising given the brevity of the report and the uncertain state of the application of export rules and regulations to cloud computing.

One thing the report gets quite right is its observations that the questions of the application of export law to cloud computing are issues that pre-date the current cloud computing phenomenon and were raised initially by the trans-national characteristics of the Internet itself. Consider this example provided by the report:

Person A, a U.S. citizen located in the United States, sends an e-mail containing EAR-restricted information in the body of the message to Person B, a U.S. citizen who normally works at a location in the United States. Unbeknownst to Person A, Person B is on a short trip overseas. Person B logs onto his e-mail while overseas using a public computer in the lobby of his hotel, sees that he has an e-mail message from Person A, but since he does not have any reason to believe in advance that it will contain EAR-restricted information, proceeds to click on the message and read it.

Assuming this is an export violation, and under a literal reading of the Export Administration Regulations (“EAR”) it would be, who has broken the rules? The party sending the email without knowing it was going to leave the country or the party opening the email not knowing it contained export controlled data? The report piles on another question and another wrinkle: suppose the email provider moved the email on to a foreign server after noticing that Person B was accessing the email from abroad. Is the email provider guilty of an export violation? These same issues that are posed by a simple email are also posed when companies begin storing data on the cloud without full control or knowledge of where the cloud servers may be located.

Of course, the literal interpretation of export rules might well forbid the use of email, cloud services or the Internet in general with respect to export-controlled data. Is it time to shut off the computers, address a bunch of envelopes, and crank up the dusty postage meter in the back of your office?

The report suggests that regulators might avoid charges of Luddism and the enshrinement of nineteenth-century concepts of exports by looking at data encryption. Under current rules, data is exported if it crosses borders whether it does so as clear or encrypted text. Perhaps securely encrypted text can find a safe harbor from traditional concepts of export. And although the regulations do not currently take this approach, I have advised people emailing export-controlled data to do so always in encrypted form to guard against things similar to the scenario posed above. If the controlled data, through the miracle of the Internet, winds up on a foreign server, at least the contents of that data aren’t available in any practicable sense to any foreign persons with access to that server. If not a defense to the export violation, it is at least going to be a mitigating factor in any penalty action.

Permalink Comments Off on Cloudy, With A Chance of Heavy Fines

Bookmark and Share


Copyright © 2011 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)

« Older Entries
Newer Entries »