Archive for May, 2013


May

3

Do As I Say Not As I . . . etc. etc.


Posted by at 2:15 pm on May 3, 2013
Category: ChinaDDTCDeemed Exports

Credit: China Great Wall Industry Corporation http://cn.cgwic.com/APSTAR-7/photo.html [Fair Use]
ABOVE: Apstar-7 launch in China

Picture this scenario: a U.S. defense contractor leases time on a Chinese satellite and uses the transponders of that satellite to beam ITAR-controlled technical data between and among its facilities in the United States. The Directorate of Defense Trade Controls (“DDTC”) which licenses exports of ITAR-controlled technical data by U.S. exporters and which has imposed an absolute ban on transferring such data to China would, pardon the metaphor, go ballistic. The defense contractor would be investigated, fined millions of dollars, forced to conduct public self-shaming sessions (i.e. compulsory self audits) and either debarred or threatened with debarment. The zombie apocalypse would seem a Sunday afternoon outing in the park compared to the terror that the agency would rain down on the guilty exporter.

Now, suppose that the U.S. defense contractor in this story is not a private contractor but instead . . . (are you sitting down?) . . . is the Pentagon. What has DDTC to say about this catastrophic breach of national security? Let’s listen: (Crickets chirping . . . crickets chirping . . .) Speak up, over there, Foggy Bottom. I can’t hear you. What? Nothing? Not a peep?

And, no, this is not merely a hypothetical. It is a fact.

Doug Loverro, deputy assistant secretary of defense for space policy, testified at an April 25 hearing of the House Armed Services strategic forces subcommittee that when he assumed his duties a month ago, he learned of DOD leases with a Chinese satellite service provider that were issued early last year following a joint urgent operational needs statement in support of “warfighter needs.”

“The warfighter needed [satellite communication] support in his area of operations. He went to the Defense Information Systems Agency to request that support,” Loverro said.

Loverro said DISA responded to the request by reaching out to its pool of providers. Only one of those providers, a company based in China, had the bandwidth available to meet the communications needs. …

“From that perspective, I’m very pleased with what we did,” Loverro said. …

According to Wired, the satellite in question is the Apstar-7, launched in China and operated by APT Satellite Holdings Ltd., which is owned by the PRC.

The point of raising this is not just to show the double standard the government exercises with respect to defense-related information but also to find some support for a potential problem that has been bedeviling exporters and (to a lesser extent) the export licensing agencies themselves — namely, the issue of the interaction between export law, controlled technology, the “cloud” and the use of the Internet and email for information transfer. Everyone pretty much agrees that if controlled technical data so much as traverses a foreign internet server for a nanosecond — even if the information originated in the United States and is being sent to another user in the United States  — there has been an unlicensed export of that data. And yet, no one who puts information in the cloud, or sends it by email, or otherwise transfers the data using the Internet can be certain of the path the information will take and that it won’t pay an infinitesimally brief visit to a server outside the United States. Does this mean that everyone with controlled data has foresworn the Internet, keeps all controlled data on paper locked in file cabinets and uses the good offices of the United States Snail Mail service to send it about? Of course not.

Instead, it appears that those who have thought about the vagaries of Internet routing and cloud storage have adopted, at least as a best practice and perhaps as a mitigating factor, the use of encryption on controlled technical data being sent by email or stored in the cloud even where this is intended to be a solely domestic transaction. Of course, there is nothing in the ITAR or the EAR that endorses this and, technically speaking, the export of encrypted technical data is still the export of technical data.

Now in that light, consider this nugget from Lovero’s testimony:

Based on his review of the leases, Loverro said, the agency followed all of the current procedures and operational commanders were aware of the safety and business concerns connected with such an agreement. Those commanders, he said, are equipped with the necessary encryption to protect the information being relayed.

File that testimony away, folks, because you may need it. In short, the DoD is endorsing the notion that encryption effectively prevents the transfer of controlled technical data to the Chinese even when it passes through their hands. I’m certainly not guaranteeing that this is a “Get Out Of Jail Free” card, but it might some day be all you have.

Permalink Comments Off on Do As I Say Not As I . . . etc. etc.

Bookmark and Share


Copyright © 2013 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)

May

2

Snooping on the Snoopers


Posted by at 6:02 pm on May 2, 2013
Category: BISSyria

By DSOA (Own work) [CC-BY-3.0 (http://creativecommons.org/licenses/by/3.0)], via Wikimedia Commons http://commons.wikimedia.org/wiki/File%3ADubaiSiliconOasisHeadQuarters-exterior2.JPG
ABOVE: Computerlinks FZCO
HQ, DSO Building, Dubai


The Dubai subsidiary of Munich-based Computerlinks recently agreed to pay $2.8 million dollars to the Bureau of Industry and Security (“BIS”) to settle charges that the Dubai subsidiary exported sophisticated Internet surveillance software to Syria without the required licenses. BIS had previously placed one individual and one company in the U.A.E. on the entity list in connection with the unlicensed export of these Internet devices to Syria

The charging documents are unusually detailed and reveal what appears to have been a systematic effort by the Dubai subsidiary to lie to Blue Coat, the manufacturer of the devices, about the ultimate destination of the equipment. One of the exports at issue was described as follows:

On or about October 29,2010, Computerlinks FZCO placed an order with Blue Coat for eight devices used to monitor and control web traffic along with accompanying equipment and software. Computerlinks FZCO falsely stated that the items were intended for the Iraq Ministry of Telecom, concealing the fact that the items actually were destined for Syria. Upon receiving the order, Blue Coat reexported the items from its facility in the Netherlands to Computerlinks FZCO in the U.A.E. On or about December 15, 2010, Computerlinks FZCO directed the items’ transfer within the U.A.E. for their subsequent shipment to Syria for use by the state-run Syrian Telecommunications Establishment (STE).

This is one of the highest fines BIS has ever imposed, ranking, by my count, only behind the $15 million imposed on Balli Aviation and related companies in 2010. This is due, in part, to the fact that this violation was not voluntarily disclosed. In fact, judging from the gleeful and somewhat self-serving press release from Blue Coat commending BIS for whacking Computerlinks, it is reasonable to assume that Blue Coat discovered the diversion and dropped the dime on Computerlinks.

No doubt Blue Coat discovered the diversion because the devices that Syria used to snoop on its citizens were probably also snooping on Syria at the same time. And you have to be more than a little surprised that the people at the Dubai subsidiary of Computerlinks were too stupid to realize that this would happen.

Permalink Comments (1)

Bookmark and Share


Copyright © 2013 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)