Archive for December, 2013


Dec

23

How the OFAC Stole Christmas


Posted by at 1:07 pm on December 23, 2013
Category: OFAC

Santa Flanked by F-16

A spokesman for the Treasury Department’s Office of Foreign Assets Control (“OFAC”) told Export Law Blog this morning that discussions between OFAC and the North Pole over Santa Claus’s Christmas Eve itinerary had once again broken down and were not expected to be resumed before Santa’s scheduled departure on December 24 at 10 pm EST.

The dispute arose from a dilemma that the U.S. sanctions against Cuba posed for Santa’s planned delivery of toys to children in Cuba. If Santa delivers toys for U.S. children first, there will be toys destined for Cuba in the sleigh in violation of 31 C.F.R. § 515.207(b). That rule prohibits Santa’s sleigh from entering the United States with “goods in which Cuba or a Cuban national has an interest.” On the other hand, if Santa delivers the toys to Cuban children first, then 31 C.F.R. § 515.207(a) prohibits the sleigh from entering the United States and “unloading freight for a period of 180 days from the date the vessel departed from a port or place in Cuba.”

A press release from the North Pole announced that the OFAC rules left Santa no choice but to bypass the children of the United States this Christmas. A spokesman from OFAC warned that if Santa attempted to overfly the United States, his sleigh would be forced to land and his cargo seized. He continued:

We know that the outcome is harsh, but we cannot allow the Cuban regime to continue to be propped up by Santa’s annual delivery of valuable Christmas toys to Cuban children.

Congressional leaders did not return our calls.


This post is an annual tradition and appeared previously in 2007, 2008, 2009, 2010, 2011 and 2012 in slightly altered form. Export Law Blog would like to take the opportunity of this post to extend its best holiday wishes to all of its readers. Posting will be light between now and the end of the holidays.

Permalink Comments (3)

Bookmark and Share


Copyright © 2013 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)

Dec

20

Back in the U.S.S.R.? Pleading Guilty to U.S. Export Violations May Get You Home


Posted by at 12:53 am on December 20, 2013
Category: Criminal PenaltiesDDTCGeneralITARUSML

By  Sgt. Scott M. Biscuiti [Public domain], via Wikimedia Commons http://commons.wikimedia.org/wiki/File%3ADefense.gov_photo_essay_090329-M-7747B-015.jpg

On Tuesday, Russian Roman Kvinikadze pleaded guilty in federal court in Wyoming to charges that he attempted to export thermal imaging weapon sights to Russia without a required license from the U.S. State Department.  Last month, we reported on Kvinikadze’s arrest and the charges brought against him as well as the Russian government’s criticism of the entire matter.  Kvinikadze’s plea is not a surprising development since, as we alluded to last month, an entrapment defense even under the most favorable circumstances is difficult to prove.

What is surprising, however, is how soon Kvinikadze may be leaving U.S. federal prison.  The Associated Press reported on Tuesday that the federal judge in Kvinikadze’s case said “immigration authorities intend to send Kivinikadze back to Russia.”  As we said last month, Kvinikadze’s best defense was not going to be in the courtroom but through diplomatic channels plied with the Russian government’s support.  Unlike a month ago, when the Russian human rights commissioner publicly decried Kvinikadze’s arrest, the Russian government has been quiet since Kvinikadze entered his guilty plea.

If Kvinikadze in fact returns shortly to Russia, the Department of Homeland Security, the agency which conducted the investigation into Kvinikadze, may be reconsidering the effectiveness of operations, like the one used against Kvinikadze, that engage foreign persons online to arrange for unlawful export transactions and entice them into travel to the United States to be arrested.  At a minimum, would-be U.S. export control violators abroad ought to think twice about meeting a potential business partner for the first time in the United States.  But more importantly, foreign governments may begin to join Russia in denouncing such U.S. policing of its laws around the world.  One of the aspects that have made U.S. investigations and law enforcement activities abroad of FCPA violations so successful in recent years is the U.S. cooperation with foreign law enforcement. Without such cooperation, the United States may see more guilty foreign criminals going home.

Permalink Comments (1)

Bookmark and Share


Copyright © 2013 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)

Dec

18

Name That Country!


Posted by at 6:31 pm on December 18, 2013
Category: BISDoJSanctionsSyria

Dell HQ http://www.dell.com/downloads/global/corporate/imagebank/hq/hq_rr1.jpg [Fair Use]The Securities and Exchange Commission just released on Monday, according to this article, correspondence that it had with Dell regarding an on-going  investigation by Dell, the DOJ, and the Bureau of Industry and Security (“BIS”) regarding sales of Dell computers to Syria.  These sales were made by a Dell distributor based in the U.A.E. In that correspondence, Dell indicated that it was conducting an internal investigation with outside counsel into sales by one of its Dubai-based distributors, was regularly communicating with the U.S. Attorney regarding that investigation, and had responded to a BIS subpoena requesting information about the sales in question. The company said that the investigation was not yet complete so that the company could not yet respond to the SEC’s questions as to whether Dell had any liability under U.S. export and sanctions law arising from the distributor’s sales to Syria.

The company, however, did try to suggest that it might not be liable because of a clause it cited in its distribution agreement:

Distributor acknowledges that Products licensed or sold hereunder or in respect of which services (including Dell Branded Services) are provided, which may include software, technical data and technology, are subject to the export control laws and regulations of the USA, the European Union, the Territory in which Distributor operates and the territory from which they were supplied, and that Distributor will abide by such laws and regulations. Distributor confirms that it will not export, re-export or trans-ship the Products, directly or indirectly, … to … any countries that are subject to the USA’s or those other relevant territories’ export restrictions or any national thereof … .

To paraphrase someone else, I guess you go to war with the language you have — that is to say, this language is hardly ideal. It relies on the distributor to know what countries are subject to U.S. export restrictions. Do you really think that a distributor in the U.A.E. is aware of the details of U.S. sanctions programs or even which countries are on the current U.S. bad country list? Probably not.

I certainly do not mean to imply that Dell has criminal or civil liability because of this drafting issue. Rather, my point only is that companies should be explicit in these clauses about which countries are subject to sanctions and to affirmatively advise distributors in writing when those countries change. Don’t count on your distributor to know who the U.S. has sanctioned anymore than you would count on him to know the name of last year’s winner of American Idol.

Permalink Comments (2)

Bookmark and Share


Copyright © 2013 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)

Dec

10

More Details Emerge on Multilateral Export Controls on Cybersecurity Items


Posted by at 8:11 pm on December 10, 2013
Category: BISCyber WeaponsWassenaar

Photo: Harland Quarrington/MOD [see page for license], via Wikimedia Commons http://commons.wikimedia.org/wiki/File%3ACyber_Security_at_the_Ministry_of_Defence_MOD_45153616.jpgLast week we posted on reports that the Wassenaar Plenary was considering adding certain cybersecurity hardware and software products to the list of items that members of the Wassenaar Arrangement, which includes the United States, have agreed to subject to export controls. A press release today from Privacy International purports to provide details and operative language for the new controls, the first control to be on certain types of intrusion software and the second on certain types of deep packet inspection (“DPI”). Both of the proposed new controls are somewhat narrower than we first thought might be the case before we saw this language.

The controls on intrusion software originate from a U.K. proposal. It would control software designed to bypass security and detection systems in order to collect data or modify the execution of software on the targeted device:

“Software” specially designed or modified to avoid detection by ‘monitoring tools’, or to defeat ‘protective countermeasures’, of a computer or network capable device, and performing any of the following:
a. The extraction of data or information, from a computer or network capable device, or the modification of system or user data; or
b. The modification of the standard execution path of a program or process in order to allow the execution of externally provided instructions.

The target seems to be malware and rootkits used by government agencies to spy on its citizens, such as FinFisher software which we previously discussed here. Of course, the language is broad enough to cover exports of most malware and might give governments additional enforcement tools against domestic hackers and distributors of malware. Although I don’t believe that anti-virus software is the intended target, the language might wind up covering such software as well since it is designed to defeat the countermeasures of viruses and malware and to extract data about the malware from a computer or network.

The second new controls will target “IP network surveillance systems.” Specifically, the language, as proposed by France, is narrower than the title suggests and reads as follows:

5. A. 1. j. IP network communications surveillance systems or equipment, and specially designed components therefor, having all of the following:
1. Performing all of the following on a carrier class IP network (e.g., national grade IP backbone):
a. Analysis at the application layer (e.g., Layer 7 of Open Systems Interconnection (OSI) model (ISO/IEC 7498-1));
b. Extraction of selected metadata and application content (e.g., voice, video, messages, attachments); and
c. Indexing of extracted data; and
2. Being specially designed to carry out all of the following:
a. Execution of searches on the basis of ‘hard selectors’; and
b. Mapping of the relational network of an individual or of a group of people.

When I previously posted about possible added controls on DPI software and hardware, I noted that the “deep” in DPI could mean many things. This language clarifies that by only covering inspection at OSI Layer 7, the so-called application layer. Moreover, it only captures items that in addition to capturing the traffic contents also index that software and analyze it for relational data among individuals. The biggest ambiguity is what is meant by a “carrier class IP network,” a term likely to be defined differently by the various members of the Wassenaar arrangement.

Permalink Comments (1)

Bookmark and Share


Copyright © 2013 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)

Dec

6

DIY Licensing Results in DDTC Debarrment


Posted by at 5:36 pm on December 6, 2013
Category: CustomsDDTCITAR

By Ncollida1106 (Own work) [CC-BY-SA-3.0 (http://creativecommons.org/licenses/by-sa/3.0)], via Wikimedia Commons http://commons.wikimedia.org/wiki/File%3AMTW_Picture.jpg

The State Department announced last week that it debarred LeAnne Lesmeister, a former export compliance officer for Honeywell International, Inc., from ITAR-related activities because she “used her position to circumvent Honeywell’s export compliance program in the fabrication of various export control documents that Ms. Lesmeister presented as Department of State authorizations.”  Honeywell had voluntarily disclosed Lesmeister’s activity to the State Department.

DDTC’s charging letter to Lesmeister in July of this year provides details of egregious export control violations alleged against her to support the 21 violations with which she was charged.  Just samples from the charging letter are stunning.  In connection with her work as a senior export compliance officer for a Honeywell aerospace facility in Florida, DDTC alleged the following:

  • Licenses Lesmeister “fabricated” used DSP-5 license numbers that, in some cases, had appeared on previously approved licenses to Honeywell for unrelated products or, in other cases, had appeared on previously approved licenses to unrelated applicants where a Honeywell entity sometimes appeared as a party or often not.
  • With respect to an approved technical assistance agreement that Lesmeister “falsified,” she wrote  a Honeywell employee that “we are expecting to see approval within about a week at max, all staffed agencies have responded so it is just a matter of getting the licensing office to finalize.”
  • For a “fabricated” DSP-5 license and an falsely approved technical assistance agreement, Lesmeister wrote to two Honeywell employees, “[t]hey ended up sending it to me – it ain’t pretty but it is official.”
  • In one case, Lesmeister “fabricated” a letter “supposedly issued by the Office of Defense Trade Controls Licensing” that purported to approve a temporary change in end-use to a previously exported item.

In one instance, Honeywell relied on a false DSP-5 license created by Lesmeister and, in turn, attempted to export a product to Argentina and submitted the false license to U.S. Customs.  Customs rejected the transaction because the false license number was not registered in the Automated Export System.

This case is noteworthy not just for its alleged activity, but it was also a first for the State Department.  Lesmeister failed to answer her charging letter.  As a result, and for the first time according to the State Department, it referred an unanswered charging letter alleging ITAR violations to an Administrative Law Judge for default consideration.  The Administrative Law Judge issued a default order against Lesmeister, and DDTC then issued its debarment order last week.

Admist all of this, it is important to note that DDTC charged Lesmeister with violations only between 2008 and 2012 although she had worked in export compliance at Honeywell for 27 years.  With the applicable statute of limitations likely running in connection with Honeywell’s voluntary disclosure, there is nothing in State Department documents made public to date that refer to any alleged violations that occurred prior to 2008.

At the moment, the fact that no penalties, civil or criminal, have been imposed against anyone is stunning.  Honeywell, however, appears to have done several things right.  Honeywell terminated Lesmeister in June 2012 upon discovery of the violations and, sometime thereafter, voluntarily disclosed the matter to the State Department.

On the other hand, Honeywell may not be out of the woods.  The violations as alleged are significant to say the least and appear to have been discovered by Honeywell only in 2012 after Lesmeister had been with the company for over a quarter-century.  The DDTC charging letter also describes Lesmeister’s activities in ways that suggest impermissibility could have been suspected or detected.  For example, her “fabricated” DSP-5 licenses were described in different instances as “low-quality scan[s],” included “page numbers [that] were not sequential” and, perhaps worst, “the country of ultimate destination was inconsistent with the end-users listed.”

There has been no mention of any parallel proceedings being conducted by the Justice Department, or any other U.S. agency like Customs, for alleged activities that violate more than just ITAR.  One has to wonder what else may be happening, however, when the only penalty is a single person’s debarment from ITAR-related activity after that person for years was running a counterfeit government licensing department from her office for one of the largest U.S. companies.

Until more information is made public, the debarment of LeAnne Lesmeister is, at a minimum, an exceptional case for ITAR enforcement.  If there is a preliminary moral to the story, it should be that routine audits of compliance programs do serve a purpose and, if properly calibrated, should detect issues like those in this case.

Clif adds:  One explanation for Ms. Lesmeister’s failure to respond to DDTC is concern over possible criminal prosecution and a desire to avoid providing either incriminatory information admitting the violations or information denying the violations that could serve as a basis for a prosecution for lying to federal agents.   There is no evidence on PACER that Ms. Lesmeister has been indicted yet, but that doesn’t mean there isn’t an on-going parallel criminal investigation

Permalink Comments (2)

Bookmark and Share


Copyright © 2013 Clif Burns. All Rights Reserved.
(No republication, syndication or use permitted without my consent.)