eib world trade headlineseib.com/news/jun2016vol8issue11.pdf · 1st seminar a success...

Evolutions In Business • www.eib.com • (978) 256-0438 Fax: (978) 250-4529 • P.O. Box 4008, Chelmsford, MA 01824

June 15, 2016 – Volume 8, Issue 11

EIB World Trade Headlines

NEWSLETTERNOTES*EvolutionsInBusinessJune1stSeminarASuccess*Canadian-IranianCitizenSentenced…*High-poweredBritishdrone-freezing… *ARRESTS,TRIALSANDCONVICTIONS…*CYBER,HACKING,DATATHEFT… *FBIWarnsNation-State…*DEPARTMENTOFCOMMERCEBureauofIndustry…

Evolutions In Business June 1st Seminar A Success

OurfulldayseminarattheWestfordRegencywentgreat!Itwasaveryhotdayoutside,whichmadetheindoorACawelcomedtreat.WehadmanydifferentmanufacturingcompaniesjoinusrepresentingdifferentsectorsacrosstheU.S.AfewfolkshadissueswiththeirflightsbutwehopetoseethemintheFallwhenwecoverthismaterialagain.WecoveredEAR&ITARRegulationsfocusingonExportReformchangesandthe600series.WewerehonoredtohavekeynotespeakersSpecialAgentsWilliamHiggins,OfficeOfExportEnforcement,BISandAlexMiriswiththeUSDepartmentofHomelandSecurity,HomelandSecurityInvestigations(HSI.)Theybothgaveexcellentpresentationsbaseduponfieldworkinactualcasesrelatedtoexportviolations.TheworktheydoissovitaltoourNationalSecurityandwethankthemforjoiningus.WehopetoholdanotherfulldayseminarsometimeinNovember

2017,moreinformationonthatwillcomeoutnextyear!

2

Canadian-Iranian Citizen Sentenced In Manhattan Federal Court To Three Years In Prison For Conspiring To

Violate Iran Sanctions

PreetBharara,theUnitedStatesAttorneyfortheSouthernDistrictofNewYork,andJohnP.Carlin,AssistantAttorneyGeneralforNationalSecurity,announcedthatALIREZAPARSA,aCanadian-IraniandualcitizenandresidentofCanada,wassentencedonFriday,May20,2016,tothreeyearsinprisonforhisparticipationinaconspiracytoviolatetheInternationalEmergencyEconomicPowersAct(“IEEPA”)andtheIranianTransactionsandSanctionsRegulations(“ITSR”).PARSAwasarrestedinOctober2014followinganinvestigationbytheFederalBureauofInvestigation(“FBI”)andUnitedStatesDepartmentofCommerce,BureauofIndustryandSecurity(“BIS”).PARSApledguiltyonJanuary20,2016,beforeU.S.DistrictJudgeRonnieAbrams,whoimposedFriday’ssentence.ManhattanU.S.AttorneyPreetBhararasaid:“Asheadmittedincourt,AliRezaParsaconspiredtopurchasehigh-techelectroniccomponents–someusedintheproductionofrocketsandmissiles–fromAmericancompaniesforeventualdeliverytoIranthroughCanada.Hehasnowbeensentencedtothreeyearsinprisonforhisviolationoffederallaw.”AssistantAttorneyGeneralJohnP.Carlinsaid:“Overthecourseofsixyears,ParsarepeatedlyviolatedexportcontrollawsandaidedIranianentitiesinprocuringhigh-techelectroniccomponentsthathavebothcommercialandmilitaryuses.Withthissentence,hewillbeheldaccountableforcircumventingimportantU.S.lawsdesignedtoprotectournationalsecurityinterests.Oneofourtopnationalsecuritypriorities remainssafeguardingournationalassetsfromthosewhomaywishtodousharm.”AccordingtotheIndictmentfiledagainstPARSAandothercourtdocumentspubliclyfiledinthiscaseandstatementsmadeincourtproceedings,includingFriday’ssentencing:Betweenapproximately2009and2015,PARSAconspiredtoobtainhigh-techelectroniccomponentsfromAmericancompaniesfortransshipmenttoIranandothercountriesforclientsofPARSA’sprocurementcompanyinIran,TavanPayeshMad,inviolationofU.S.economicsanctions.Toaccomplishthis,PARSAusedhisCanadiancompany,MetalPM,toplaceorderswithU.S.suppliersandtypicallyhadthepartsshippedtohiminCanadaortoafreightforwarderlocatedintheUnitedArabEmirates,andthentransshippedfromtheselocationstoIranor tothelocationofhisIraniancompany’sclient.PARSAprovidedtheU.S.companieswith

(*Continued On The Following Column)

falsedestinationandend-userinformationaboutthecomponentsinordertoconcealtheillegalityofthesetransactions. PARSA’scriminalschemetargetednumerousAmericantechnologycompanies.ThecomponentsthatPARSAattemptedtoprocureincludedcryogenicaccelerometers,whicharesensitivecomponentsthatmeasureaccelerationatverylowtemperatures.Cryogenicacceleratorshavebothcommercialandmilitaryuses,includinginapplicationsrelatedtoballisticmissilepropellantsandinaerospacecomponentssuchasliquid-fuelrocketengines.Inaddition,followinghisarrestandwhileincarceratedattheMetropolitanDetentionCenter,PARSAcontinuedtoviolatetheIEEPAandtheITSRbyconductingbusinessforMetalPMandTavanPayeshMad,includingbyorderingpartsfromGermanandBraziliancompaniesforIraniancustomers.PARSAsubsequentlydirectedarelativetodeleteemailevidenceofhisongoingbusinesstransactionswhileinjail,emphasizingtheneedforsecrecyintheirdealings.NeitherPARSAnoranyotherindividualorentityinvolvedintransactionsthatgaverisetohisconvictionappliedfororobtainedalicensefromtheU.S.DepartmentoftheTreasury’sOfficeofForeignAssetsControlforthetransactions.Inadditiontothe36-monthprisonterm,PARSA,45,wasorderedtopaya$100specialassessment.Mr.BhararapraisedtheoutstandinginvestigativeworkoftheFBIandBIS.HealsothankedtheU.S.DepartmentofJustice’sNationalSecurityDivision’sCounterintelligenceandExportControlSection.ThisprosecutionisbeinghandledbytheOffice’sTerrorismandInternationalNarcoticsUnit.AssistantUnitedStatesAttorneysMichaelD.LockardandAnnaSkotkoareinchargeoftheprosecution.

High-powered British drone-freezing ray to trial in US airports

Ahigh-poweredraygunthatcanjamdronesignalsandstopthemmid-flightisbeingtestedoutbytheUSgovernment’sFederalAviationAdministration(FAA).Thetechisdesirableasit’sexpectedtoclearandsecureairspacearoundairports.Ithasthepotentialto detectsmall,unmannedaerialvehiclesthatareflyingaroundtheairportandmaypotentiallybeownedandoperatedbyterroristsandsmugglers.

(*ContinuedOnTheFollowingPage)

3

DeemedtheAnti-UAVDefenseSystem(Auds),thedrone-freezingraywasdevelopedbythreeBritishcompanies–EnterpriseControlSystems,BlighterSurveillanceSystems,andChessDynamics.Buthowexactlydoesthedrone-freezingraywork?First,athermalimagingcameraallowstheAudsoperatortotargetaparticulardrone.Oncethedronehasbeenlocated,averyhigh-poweredradiosignalisthenactivated,jammingthedrones’signals,makingthemunresponsive.Audsoperatorshavetheabilitytofreezedronesandwarnpilotsiftheythinksomethingiswrongwiththedevice.Itcanalsocrashdevicesbyinstallingdronesintheairforaslongasthebatterylasts.InadditiontotheAuds,theUSArmyalsohasweaponsabletodestroylargerdrones.Projectilescanbelaunchedandsteeredtodronesusingground-basedradars.Thedrone-freezingrayissettobetestedatseveralairportstobeselectedbytheFAA.TwootherUS-basedfirms–GryphonSensorsLLCandSensofusion–willalsotakepart.

ARRESTS, TRIALS AND CONVICTIONS Navy Lt. Cmdr. Edward Lin Pleads Not

Guilty to Spying Charges

WAVY.COMMay17,2016NORFOLK,Va(WAVY)—NavyLt.Cmdr.EdwardLinhaspleadednotguiltytoespionagechargesandhasrequestedatrialbyjury.CourtdocumentsclaimLinillegallysharedinformationwithaforeigngovernmentandfalsifiedrecords.Thegovernmenthasnevernamedthecountryforwhichhe’saccusedofspyingfor,10OnYourSidehaslearnedit’slikelyTaiwan,whereLinwasborn.InnewlyunredactedchargesheetsreleasedTuesday,itwaslearnedthatLin’sespionagechargesrevolvearoundincidentsinWashington,D.C.Thepaperworkassertsthatwhileinthenation’scapitalfrom,September2012–December2013andApril2012–May2014,Lingaveinformationclassifiedas“secret”with“intentorreasontobelieveitwouldbeusedtotheadvantageofaforeignnation.”“Secret”informationisonestepbelow“TopSecret.”Topsecretisthemilitary’smostguardedinformation.AccordingtobiographicaldatareleasedfromtheNavy,LinworkedatthePentagonfromlateFebruary2012throughtheendofNovember2013.HewasastafferworkingfortheAssistantSecretaryoftheNavyforFinancialManagementandComptroller.


LinalsofacestwocountsofpurposefullylyingabouthistravelinOctober2014andApril2015.TheNavysaysthatbothtimes,LinlistedhisfinaldestinationasAlexandria,Virginia,whenhewasactuallytravelingtoaforeigndestination.Thatdestinationwasnotdisclosedinthedocumentation.In2014,untilhisarrestin2015,LinwasstationedinPearlHarborwhereheoversawseveralNavyspyplanes.ThenewlyunredacteddocumentsalsoshowthatLin’sthreecountsofattemptedespionageandfivecountsofcommunicatingdefenseinformation,chargeslessseverethanespionageorattemptedespionage,allegedlyoccurredinPearlHarbor.AccordingtoaudiofromhispreliminaryhearinginApril,thegovernmentfoundanotebookandemailsathishomewithsecretintelligence.NCISinvestigatorssayLinspokewithaFBIinformantinMandarin,hisnativelanguage.ThemilitarygoesontosayhepassedontheintelligencehegatheredtoaprostituteinHawaii.Linoriginallyfacedcountsofsolicitingaprostituteandadultery,butthosechargesweredropped.InvestigatorstookLinintocustodyattheHonoluluairportinSeptember2015,andquestionedhimfortwodays.Thereisvideoofthe11hoursofinterrogations.ThegovernmentsaysLinadmittedtoallthecharges.Lin’sdefenselawyersargueundercoveragentsforcedhimtomakethoseallegedconfessions.Theyalsomaintaintheinformationheallegedlygavewasnolongerclassified.Lin’smisstepsdatebackto2011.That’swhenhe’saccusedoffailingtoreportforeigntravel.DuringthattimehewasastudentattheNavalWarCollegeinNewport,RI.Lin’snexthearingisscheduledforearlyJune.Hisattorneyssaythat’swhenthey’llpetitiontohavehimreleasedfromtheBrig.http://wavy.com/navy-lt-cmdr-edward-lin-to-stand-trial-on-spying-charges

CYBER, HACKING, DATA THEFT, COMPUTER INTRUSIONS & RELATED

FBI Warns against Wireless Keystroke Loggers Disguised as USB Chargers

Alert is for companies that use wireless Microsoft keyboards

SOFTPEDIAMay24,2016AttheendofApril,theFBIissuedapublicalertregardingKeySweeper,apieceofcustomhardwarecreatedbysecurityresearcherSamyKamkarasaproof-of-conceptproject,capableofstealingkeystrokesfromwirelessMicrosoftkeyboardsbyinterceptingnearbyradiosignalsanddecryptingthekeyboard'sprotocol.

(*Continued On The Following Page)

4

ThedeviceworksontopofanArduinoboard,whichissmallenoughtofitinsidethecaseofaUSBcharger.SinceUSBchargershavebecomecommonplacewiththeproliferationofmobiledevicessuchassmartphonesandtablets,seeingonesuchdevicepluggedintoawallsocketandabandonedinanofficeisnotoutoftheordinarythesedays.TheFBIwarnscompaniestolimitthenumberofoutletsavailablefordevicecharging,toinstructemployeestorecognizewhosechargersarecurrentlypluggedin,andnottoleaveanychargerpluggedintothewallifnotused.Additionally,companieswerealsoinstructedtolimittheusageofwirelesskeyboards,eitherbyswitchingtowiredkeyboardsortoonesthatuseBluetoothforcommunications.However,ifcompaniesuseBluetoothkeyboards,theFBIalsorecommendsusingencryption,alongwithastrongPIN.KeySweeperisnoteffectiveagainstallkeyboardsKeySweepercannotharvestkeystrokesfromBluetoothkeyboards,withKamkaronlydesigningitforRF-basedwirelesskeyboardscreatedandsoldbyMicrosoft.Ofcourse,withthedocumentationoutthereintheopen,anyonecanveryeasilyadaptittootherplatformsandmanufacturers.WhileitwasdoingdamagecontrolafterKamkar'sannouncementlastyear,Microsoftalsosaidthatkeyboardsthatoperateonthe2.4GHzfrequencyandmanufacturedafter2011arealsosafebecausetheyuseAdvancedEncryptionStandard(AES)encryptionforsecuringkeystrokesbetweenthekeyboardandthecomputer.KamkarreleasedthedeviceinJanuary2015,buttheFBIhasonlyrecentlyissuedthisalert,whichmeansthatitinvestigatedatleastonecasewheresomeoneusedaKeySweeperdevicetologkeystrokes. FBI Warns Nation-State Cyber Attacks

Are Continuing

ChinesesoldiersbrowseonlinenewsondesktopcomputersatagarrisonofthePLA/APForeigngovernmenthackersarecontinuingtotargetU.S.governmentandprivatesectorcomputernetworksinsophisticatedcyberattacks,theFBIwarnedinanalertsentthisweek.“AdvancedPersistentThreat(APT)cyberactorscontinuetotargetsensitiveinformationstoredonU.S.commercialandgovernmentnetworksthroughcyberespionage,”theFBIsaidintheMay11notice.Theterm“APTactor”isaeuphemismforstate-sponsoredorhighlysophisticatedcyberattackers,usuallyinvolvingconnectionstoforeignmilitariesorintelligenceservices.TwocybersecurityresearcherswhoexaminedtheFBInoticelistingdetailsofthecyberattackssaidthetacticsappearedsimilartothoseusedinthepastbyChinesehackers,includingthesuspectsbehindthemassivetheftofrecordson22millionfederalworkersfromtheOfficeofPersonnelManagement.


TheFBIlistedsevenmajorInternetserversoftwaretypeshackedinthepastyear,includingtwoAdobeColdFusionsecurityflaws.ColdFusionsoftwareisusedwithlargedatabases.OtherattacksinvolvedApacheTomcat,JBoss,andCacti,softwareusedforremotedatalogging.Drupalserversusedtooperatealargenumberofwebsitesaroundtheworld,includingcorporateandgovernmentsites,alsowerecompromised.Joomlacontent-managementsoftwarealsowascompromised,theFBIsaid.AseventhcompromiseaffectedOracle’sE-BusinessSuitesoftware,usedforcustomermanagementandsupply-chainmanagement.State-sponsoredhackersexploitedvulnerabilitiesinallseventypesofsoftware,and“someofthesevulnerabilitiesarealsoexploitedbycybercriminalsinadditiontostate-sponsoredoperators,”theFBIsaid.“Thecompromiseswere[used]tobuildinfrastructureandforexploitation,”thenoticestates.Onlytwoofthecompromisestookplacelastyear,anindicationthatsoftwarepatchesappliedlastyeartocloseentryholeshavenotstoppedtheattacksandthatoldervulnerabilitiescontinuetobeusedbycyberspies,thenoticesays.TheFBIwarnednetworkadministratorstoengagein“proactivepatchmanagement”asthemainlineofdefenseforprotectingpubliclyaccessiblecomputerserversfromattack.OneindicatorthatChinamayhavebeenbehindthecyberespionagewastheuseofspear-phishingemailscontaininglinkstodocumentsorcompromisedsystems.ThetechniqueissaidtobeafavoriteofChinesemilitaryhackers,includingthosepartofShanghai-basedUnit61398thathasbeentracedtowidespreadcyberattacksagainstU.S.governmentandprivatenetworksoverthepastseveralyears.“AgeneralconsensusisitisChinese[tactics,techniquesandprocedures],”saidonesecurityresearcher,whospokeonconditionofanonymity.TheFBIsaidtherecentgovernment-sponsoredhackingcontinuedtousefraudulentemailstolureunsuspectingusersintoprovidingremotecomputeraccess.Thehackersalsowereabletonavigatewidelyonceinsideanetwork.“Previousspear-phishemailssentbytheseactorscontaineddecoydocuments,suchasaU.S.letterfaxtestpageandanofficemonkeysvideo,”thenoticestates.“Onceoncomputernetworks,theactorsutilizingtheseexploitsareextremelyadeptatlateralmovementthroughtheenterprise,toincludetheabilitytogainadministrativeaccess,includingdomain-levelaccess,withinashorttimeframe.”LikethehackerslinkedtoOPMattack,therecenthackersalsousedaprogramcalledMimikatzfor“credentialharvesting”fromremoteusers.AnotherprogramcalledLogonUIallowedthehackerstomaintaintheirpresenceinsideahackednetwork.


5

Additionally,thehackersusedpublicdatastoragesitesforstoringthestolendataanddeliveringmalware,includingGoogleDrive,MicrosoftOneDrive,andDropbox.Inarelativelynewtechnique,thehackersusedaTorsoftwarecalledMeekthatallowsonlineuserstoevadedetectionandtrackingandalsotohidedatatheft.IftherecentcyberespionageisconfirmedasChineseinorigin,itwouldbeasetbackfortheObamaadministration.TheadministrationwassettoimposesanctionsonChinesehackersinSeptemberinrespondtoBeijing’sroleinthelarge-scaleOPMdatatheft.However,thesanctionsweredroppedduringthesummitinWashingtoninexchangeforapledgefromChineseleaderXiJinpingtohaltcybereconomicespionage.AWhiteHouseNationalSecurityCouncilspokesmanhadnoimmediatecomment.SeniorU.S.intelligenceofficials,includingDirectorofNationalIntelligenceJamesClapperandCyberCommandcommanderAdm.MikeRogers,toldCongressearlierthisyeartheycouldnotconfirmChinahadhaltedthepracticeofstealingdatathroughcyberespionage.ClappersaidinMarchit“remainstobeseen”whetherChinawillhaltcyberspying.ContrarytotheXipledge,however,Rogerssaid,“cyberoperationsfromChinaarestilltargetingandexploitingU.S.government,defenseindustry,academic,andprivatecomputernetworks.”ThecommentsweremadeinpreparedtestimonytoaHouseArmedServicessubcommitteeonMarch16.MissileDefenseAgencyDirectorViceAdm.JamesSyringalsotoldaHousehearingMay14thatChinesemilitarycyberattacksonhisagency’snetworkswereadailyoccurrence.“Mybiggestconcernremainsinourcleareddefensecontractorbaseandtheirprotections,”Syringsaid.China’scyberespionageandattackoperationshaveincludedcompromisesofmajorU.S.weaponssystems,includingtheF-35andF-22jetfighters,theB-2stealthbomber,andthespace-basedlaser.ANationalSecurityAgencydocumentmadepublicbyformercontractorEdwardSnowdenrevealedthattheChinesestoleradardesignandengineschematicsforthenewF-35.FBIspokeswomanNoraSchelanddeclinedtocommentonthealertbutsaidtheFBIroutinelyadvisesprivateindustryonvariouscyberthreatindicatorsgainedfrominvestigations.http://freebeacon.com/issues/fbi-warns-nation-state-cyber-attacks-continuing

DEPARTMENT OF COMMERCE Bureau of Industry and Security

Revisions to Definitions in the Export Administration Regulations

ACTION:Finalrule.SUMMARY:ThisfinalruleispartoftheAdministration’sExportControlReform(ECR)Initiative.TheInitiativewillenhanceU.S.nationalandeconomicsecurity,facilitatecompliancewithexportcontrols,updatethecontrols,andfurtherthegoalofreducingunnecessaryregulatoryburdensonU.S.exporters.Aspartofthiseffort,theBureauofIndustryandSecurity(BIS),inpublishingthisrule,makesrevisionstotheExportAdministrationRegulations(EAR)toincludecertaindefinitionstoenhanceclarityandconsistencywithtermsalsofoundintheInternationalTrafficinArmsRegulations(ITAR),whichisadministeredbytheDepartmentofState,DirectorateofDefenseTradeControls(DDTC),orthatDDTCexpectstopublishinproposedrules.ThisfinalrulealsorevisestheScopepartoftheEARtoupdateandclarifyapplicationofcontrolstoelectronicallytransmittedandstoredtechnologyandsoftware,includingbywayofcloudcomputing.DDTCisconcurrentlypublishingcomparableamendmentstocertainITARdefinitionsforthesamereasons.Finally,thisrulemakesconformingchangestorelatedprovisions.DATES:ThisruleiseffectiveSeptember1,2016.SEE81fr35568forcompleteinfo.RevisionstoDefinitionsintheExportAdministrationRegulations:FrequentlyAskedQuestions(FAQs)EffectiveSeptember1,2016EffectiveSeptember1,20161NotSubjecttotheEAR:InformationreleasedbyInstructioninaCatalogCourseorAssociatedTeachingLaboratoryofanAcademicInstitution(§734.3)(b)(3))Q.1:Iteachauniversitygraduatecourseondesignandmanufactureofveryhigh-speedintegratedcircuitry.Manyofthestudentsareforeigners.DoIneedalicensetoteachthiscourse?A:No.ReleaseofinformationbyinstructionincatalogcoursesandassociatedteachinglaboratoriesofacademicinstitutionsisnotsubjecttotheEAR.


6

Q.1.2:Woulditmakeanydifferenceifsomeofthestudentswerefromcountriestowhichexportlicensesaregenerallyrequiredfortheseitems?A:No.Q.1.3:Woulditmakeanydifference,inteachingthiscourse,ifItalkaboutrecentandasyetunpublishedresultsfrommylaboratoryresearch?A:No.Q.1.4:Evenifthatresearchisfundedbythegovernment?A:EventhentheinformationwouldnotbesubjecttotheEAR.However,youwouldnotbereleasedfromanyobligationsimposedbyanyotherlaworyourgrantorcontract.Q.1.5:WoulditmakeanydifferenceifIwereteachingataforeignuniversity?A:No.Q.2:Mycompanyteachesproprietarycoursesondesignandmanufactureofhigh-performancemachinetools.IstheinstructioninourclassessubjecttotheEAR?A:ThatinstructionismostlikelysubjecttotheEAR,becauseitwouldnotqualifyas“releasedbyinstructioninacatalogcourseorassociatedteachinglaboratoryofanacademicinstitution”under§734.3(b)(3)becauseyourproprietarybusinessdoesnotqualifyasan“academicinstitution”withinthemeaningof§734.3(b)(3).Conceivably,however,theinstructionmightqualifyas“unlimiteddistributionataconference,meeting,seminar,tradeshow,orexhibition,generallyaccessibletotheinterestedpublic”under§734.7(a).Theconditionsthatwouldhavetobesatisfiedarethatsuchaseminarorgatheringqualifyas“open,”includingafeereasonablyrelatedtocosts(oftheconference,notofproducingthedata),andthatthereisanintentionthatallinterestedandtechnicallyqualifiedpersonsbeabletoattend.PublishedTechnologyandSoftware(§734.7)Q.1:Arelibrarieswithaccesscontrolsinplaceforphysicalsecurityreasons(e.g.,toguardagainsttheftofwrittenmaterialsortokeeptheuserssafe)“openandavailabletothepublic?”A:Yes.RevisionstoDefinitionsintheExportAdministrationRegulations:FrequentlyAskedQuestions(FAQs)EffectiveSeptember1,2016EffectiveSeptember1,20162Q.2:MyPh.D.thesisisontechnology,whichislistedintheEARasrequiringalicensetoalldestinationsexceptCanadaandhasneverbeenpublishedforgeneraldistribution.However,thethesisisavailableattheinstitutionfromwhichItookthedegree.DoIneedalicensetosendanothercopytoacolleagueoverseas?A:Thatmaydependonwhereintheinstitutionyourthesisisavailable.Ifitisnotreadilyavailableintheuniversitylibrary,itisnot“published”anditsexportorreexportwouldbesubjecttotheEARonthatground.IfyourPh.D.researchqualifiedas“fundamentalresearch”under§734.8,itwouldnotbesubjecttotheEAR.Ifnot,however,youwilleitherneedtoobtainalicenseorqualifyforalicenseexception(ifalicenserequirementapplies)orusetheNoLicenseRequired(NLR)


designation(ifalicenserequirementdoesnotapply)beforeyoucansendacopyofyourthesisoutoftheU.S.Q.3:Whatdoes“unclassified”meanin§734.7?A:Unclassifiedinformation”referstoinformationnotclassifiedinaccordancewithExecutiveOrder13526,75FR707;3CFR2010Comp.,p.298,oracomparablepredecessororsuccessororder.Q.4:Arecopyrightprotectionsorgenericpropertyrightsintheunderlyingphysicalmedium“restrictionsupon…furtherdissemination”thatmakeinformationnot“published?”A:No.Copyrightprotectionsorgenericpropertyrightsintheunderlyingphysicalmediumarenotsuchrestrictions.Q.5:Iplantopublishinaforeignjournalascientificpaperdescribingtheresultsofmyresearch,whichisinanarealistedintheEARasrequiringalicensetoallcountriesexceptCanada.DoIneedalicensetosendacopyofthepapertomypublisherabroad?WouldtheanswerdifferdependingonwhereIworkorwhereIperformedtheresearch?A:No.ThisexporttransactionisnotsubjecttotheEAR.TheEARdonotcovertechnologythatisalreadypublishedortechnologythatismadepublicbythetransactioninquestion(§§734.3and734.7).Yourresearchresultswouldbemadepublicbytheplannedpublication.Theanswerwouldnotdifferdependingonwhereyouworkorperformedtheresearch.Q.5.1:WouldIneedalicensetosendthepapertotheeditorsofaforeignjournalforreviewtodeterminewhetheritwillbeacceptedforpublication?A:No.ThisexporttransactionisnotsubjecttotheEARbecauseyouaresubmittingthepapertotheeditorswiththeunderstandingthatthepaperwillbemadeavailabletothepublic(published)iffavorablyreceived(§734.7(a)(5)).ThisanswerisapplicabletosubmissionstoeitherU.S.orforeignjournals.Q.6:IhavebeeninvitedtogiveapaperataprestigiousinternationalscientificconferenceonatechnologylistedasrequiringalicenseundertheEARtoallcountries,exceptCanada.Scientistsinthefieldaregivenanopportunitytosubmitapplicationstoattend.Invitationsaregiventothosejudgedtobetheleadingresearchersinthefield,andattendanceisbyRevisionstoDefinitionsintheExportAdministrationRegulations:FrequentlyAskedQuestions(FAQs)EffectiveSeptember1,2016EffectiveSeptember1,20163invitation only. Attendees will be free to take notes, but not make electronic or verbatim recordings of the presentations or discussions. Some of the attendees will be foreigners. Do I need a license to give my paper? A: No. Release of information at an open conference and information that has been released at an open conference are not subject to the EAR (see § 734.7(a)(3)). A conference or gathering is “open” (see also § 734.7(a)(5)(iii)) if all technically qualified members of the public are eligible to attend and attendees are permitted to take notes or otherwise make a personal record (not necessarily a recording) of the proceedings and presentations. All technically qualified


7

membersofthepublicmaybeconsideredeligibletoattendaconferenceorothergatheringnotwithstandingaregistrationfeereasonablyrelatedtocostandreflectinganintentionthatallinterestedandtechnicallyqualifiedpersonsbeabletoattend,oralimitationonactualattendance,aslongasattendeeseitherarethefirstwhohaveappliedorareselectedonthebasisofrelevantscientificortechnicalcompetence,experience,orresponsibility.Q.6.1:Woulditmakeanydifferenceiftherewereaprohibitionontakingnotesorotherpersonalrecordofwhattranspiresattheconference?A:Yes.Toqualifyasan“open”conference,attendeesmustbepermittedtotakenotesorotherwisemakeapersonalrecord(althoughnotnecessarilyarecording).Ifnotetakingorthemakingofpersonalrecordsisaltogetherprohibited,theconferencewouldnotbeconsidered“open.”Q.6.2:Woulditmakeanydifferenceiftherewerealsoaregistrationfee?A:Thatwoulddependonwhetherthefeeisreasonablyrelatedtocostsoftheconferenceandreflectsanintentionthatallinterestedandtechnicallyqualifiedpersonsshouldbeabletoattend.Q.6.3:Woulditmakeanydifferenceiftheconferenceweretotakeplaceinanothercountry?A:No.Q.6.4:MustIhavealicensetosendthepaperIproposetopresentatsuchaforeignconferencetotheconferenceorganizerforreview?A:No.AlicenseisnotrequiredundertheEARtosubmitpaperstoforeignorganizersofopenconferencesorotheropengatheringswiththeunderstandingthatthepaperswillbedeliveredattheconference,andsobepublished,iffavorablyreceived.ThesubmissionofthepapersisnotsubjecttotheEAR(§734.7(a)(5)).Q.6.5:Wouldtheanswerstoanyoftheforegoingquestionsbedifferentifmyworkweresupportedbythefederalgovernment?A:No.Youmayexportandreexportthepapers,evenifthereleaseofthepaperviolatesanyagreementsyouhavemadewithyourgovernmentsponsor.However,nothingintheEARrelievesyouofresponsibilityforconformingtoanycontrolsyouhaveagreedtoinyourFederalgrantorcontract.FundamentalResearch(§734.8)RevisionstoDefinitionsintheExportAdministrationRegulations:FrequentlyAskedQuestions(FAQs)EffectiveSeptember1,2016EffectiveSeptember1,20164Q.1:WhatisconsideredfundamentalresearchundertheEAR?A:TheroleoftheEARisnottoregulatefundamentalresearchassuch;itistoregulatethetransferoftechnologyandsoftware.TechnologyorsoftwarethatarisesduringorresultsfromfundamentalresearchisgenerallynotsubjecttotheEAR(see§734.8forspecificcriteria).(Pleasenote:Section734.8doesnotapplytophysicalobjectssuchaspathogensorequipment.)FundamentalresearchisdescribedintheEARas


as“researchinscience,engineering,ormathematics,theresultsofwhichordinarilyarepublishedandsharedbroadlywithintheresearchcommunity,andforwhichtheresearchershavenotacceptedrestrictionsforproprietaryornationalsecurityreasons.”Thetechniquesusedduringtheresearcharenormallypubliclyavailableorarepartofthepublishedinformation.

- Example:ThereisajointU.K./U.S.university-basedresearchprojectonvectoridentificationforMarburgviruswithnorestrictionsonpublicationoftheresultsoftheresearchorofanytechnologyreleasedtotheresearchers.Theresearchwouldbeconsideredfundamentalandtheinformationresultingfromthisresearch,suchastheresultsandmethods,arenotsubjecttotheEAR.Therewouldbeno“deemedexport”requiredforforeignnationalsworkingattheU.S.universityandnoexportlicenserequiredfordiscussingresearchmethodsandoutcomesbetweenthetwouniversities.AnexportlicensewouldberequiredfortheexportoftheMarburgvirussamplestotheU.K.university.

Q.2:WhattypesofresearchareNOTconsideredfundamentalresearchundertheEAR?A:Researchisnotconsideredfundamentalresearchwhenthelaboratory,company,universityorresearcherrestrictsthepublicationoftheoutcomeoftheresearchorrestrictsthepublicationofthemethodsusedduringtheresearch.ThefollowingareexamplesofresearchthatisnotconsideredfundamentalandinformationthatbecomessubjecttotheEAR:·Proprietaryresearch.·Anyresearchmethodsoroutcomesofgovernment-fundedresearchthathavebeenspecificallyrestrictedfrompublication.OnlytheinformationthatisthusrestrictedwouldbecomesubjecttotheEAR;theremainderoftheresearchmethodsandoutcomesthathavenotbeensubjecttorestrictionwouldbeconsideredinformationresultingfromfundamentalresearch.·Anyresearchmethodsoroutcomesofgovernment-fundedresearchthathavebeencommunicatedinviolationofanyconditionthatmayexistinthefundinginstrumentthatrequiresprepublicationsecurityreviewoftheresearchcommunication.·Researchmethodsoroutcomesthataninvestigatorvoluntarilydecidesshouldnotbecommunicatedwidelybecauseofsecurityconcernsandthereforeself-redactsfrompublication.OnlytheinformationthatisredactedwouldbecomesubjecttotheEAR;theremainderoftheresearchmethodsandoutcomesthathavenotbeensubjecttoself-redactionwouldbeconsideredinformationresultingfromfundamentalresearch.RevisionstoDefinitionsintheExportAdministrationRegulations:FrequentlyAskedQuestions(FAQs)EffectiveSeptember1,2016EffectiveSeptember1,20165


8

- Example:Government-fundedresearchersstudyingBacillusanthracisacceptnationalsecurityprepublicationreviewoftheirresearch.Ifthegroupcomplieswiththereviewrequirementanddoesnotcommunicatethisresearchwithouttherequiredreviews,theirresearchremainsfundamentalresearch.However,anyoftheinformationresultingfromthisresearchthatisrestrictedfrompublicationbecomessubjecttotheEAR.ResearchmethodsandoutcomesfromthesameprojectthatarenotsubjecttorestrictionwouldremaininformationresultingfromfundamentalresearchandnotsubjecttotheEAR.

Decisionstorestrictpublication,regardlessofthesourceofthedecision,wouldmeanthatthetechnologynotintendedtobepublishedistechnologysubjecttotheEAR.Thisdecisionisnotretroactive,soitwouldnotimposealicenserequirementforexportsoftheinformationthathavealreadytakenplace,butmayimposealicenserequirementforfutureexportsoftheinformationandfuturedeemedexportlicensesasnecessary.Q.3:Ourinternalcomplianceprogramusesaslightlydifferentdefinitionof“fundamentalresearch”fromtheoneintheEAR.WeusetheexactwordingfoundinNationalSecurityDecisionDirective(NSDD)-189.DoweneedtoreviseourprogrammaterialstomatchtheEARdefinition?A:No.ThescopeofEARdefinitionisfullyconsistentwiththescopeofNSDD-189definition.Q.4:DoesBISpresumethatresearchconductedbyscientists,engineers,orstudentsatanaccreditedinstitutionofhighereducationlocatedintheUnitedStateswillbeconsideredfundamentalresearch?A:Yes,but,aswithallrebuttablepresumptions,itisrebuttediftheresearchisnotwithinthescopeoftechnologyandsoftwarethatarisesduring,orresultsfrom,fundamentalresearchasdescribedin§734.8.Q.5:MyresearchsponsorwillreviewtheresultsofmyresearchbeforeIpublish.DoesthisreviewaffectwhethermyresultsaresubjecttotheEAR?A:Itdependsonthenatureoftheprepublicationreview.(See734.8(b).)Prepublicationreviewbyasponsorofuniversityresearchtoensurethatthepublicationwouldnotcompromisepatentrightsorwouldnotinadvertentlydivulgeproprietaryinformationthatthesponsorhasfurnishedtotheresearchersdoesnotchangethestatusoftheresearchasfundamentalresearch.Iftheresultofthereviewistorestrictpublication,theEARappliestothatinformationforwhichpublicationisrestricted.Forexample,university-basedresearchisnotconsidered“fundamentalresearch”iftheuniversityoritsresearchersaccept,attherequestofanindustrialsponsor,otherrestrictionsonpublicationofscientificandtechnicalinformationresultingfromtheprojectoractivity.Scientificandtechnicalinformationresultingfromtheresearchwillnonethelessqualifyasfundamentalresearchonceallsuchrestrictionshaveexpiredorhavebeenremoved.


Q.6:IsinformationgiventoresearchersbyasponsorsubjecttotheEAR?RevisionstoDefinitionsintheExportAdministrationRegulations:FrequentlyAskedQuestions(FAQs)EffectiveSeptember1,2016EffectiveSeptember1,20166A:TheinitialtransferofinformationfromanindustrysponsortouniversityresearchersissubjecttotheEARwherethepartieshaveagreedthatthesponsormaywithholdfrompublicationsomeoralloftheinformationsoprovided.Q.7:Whatifourresearchisgovernment-fundedandthegovernmentimposesaccessanddisseminationcontrolsonit?A:TechnologyorsoftwareresultingfromU.S.governmentfundedresearchthatissubjecttogovernment-imposedaccessanddisseminationorotherspecificnationalsecuritycontrolsqualifiesastechnologyorsoftwareresultingfromfundamentalresearch,providedthatallgovernment-imposednationalsecuritycontrolshavebeensatisfiedandtheresearchersarefreetopublishthetechnologyorsoftwarecontainedintheresearchwithoutrestriction.Q.8:Myresearchisnotsubjecttogovernment-imposedaccessanddisseminationorotherspecificnationalsecuritycontrols.DoIneedalicenseforaforeigngraduatestudenttoworkinmylaboratory?A:Notiftheresearchonwhichtheforeignstudentisworkingis“fundamentalresearch”under§734.8andanyinformationreleasedtotheresearchersisalsointendedtobepublished.Q.9:Ourcompanyhasenteredintoacooperativeresearcharrangementwitharesearchgroupatauniversity.OneoftheresearchersinthatgroupisanationalofthePeople’sRepublicofChina(PRC).Wewouldliketosharesomeofourproprietaryinformationwiththeuniversityresearchgroup.WehavenowayofguaranteeingthatthisinformationwillnotbereleasedtotheChinesescientist.Doweneedtoobtainalicensetoprotectagainstthatpossibility?A:Ifthecooperativeresearcharrangementauthorizestheuniversitytofreelypublishtheproprietaryinformation,thenthesharingoftheinformationisnotatransactiontowhichtheEARapplies.However,ifyourcompanyandtheresearchershaveagreedtoaprohibitiononpublication,thenyoumustdeterminewhetheralicenseisnecessaryand,ifnecessary,obtainalicenseorqualifyforalicenseexceptionbeforetransferringtheinformationtotheuniversity.Itisimportantthatyouasthecorporatesponsordeterminetheproperclassificationanddiscusswiththeuniversitythenationalityofanyforeignnationalsthatwillhaveaccesstotheinformation,sothatyoumayobtainanynecessaryauthorizationpriortotransferringtheinformationtotheresearchteam.Q.10:MyuniversitywillhostaprominentscientistfromthePRCwhoisanexpertonresearchinengineeredceramicsandcompositematerials.DoIrequirealicensebeforetellingourvisitoraboutmylatest,asyetunpublished,researchresultsinthosefields?A:Probablynot,providedtheresearchresultsmeetthecriteriaof“fundamentalresearch”in§734.8.Specifically,if


9

Q.12:Indeterminingwhetherresearchisordinarilypublishedandsharedbroadlyandthereforecountsas“fundamental,”doesitmatterwhereorinwhatsortofinstitutiontheresearchisperformed?A:Inprinciple,no.“Fundamentalresearch”isperformedinindustry,federallaboratories,orothertypesofinstitutions,aswellasinuniversities.Itremainsthetypeofresearch,andparticularlytheintentandfreedomtopublishitthatidentifies“fundamentalresearch,”nottheinstitutionallocus.Q.13:Iamdoingresearchonhigh-poweredlasersinthecentralbasic-researchlaboratoryofanindustrialcorporation.IamrequiredtosubmittheresultsofmyresearchforprepublicationreviewbeforeIcanpublishthemorotherwisemakethempublic.IwouldRevisionstoDefinitionsintheExportAdministrationRegulations:FrequentlyAskedQuestions(FAQs)EffectiveSeptember1,2016EffectiveSeptember1,20168

liketocompareresearchresultswithascientificcolleaguefromVietnamanddiscusstheresultsoftheresearchwithherwhenshevisitstheUnitedStates.DoIneedalicensetodoso?A:Youmayneedalicense.TheinformationwillbesubjecttotheEARiftheprepublicationreviewisintendedtoallowyoursponsortowithholdtheresultsoftheresearchfrompublication.However,iftheonlyrestrictiononyourpublishinganyofthatinformationisaprepublicationreviewsolelytoensurethatpublicationwouldnotcompromiseanypatentrightsorproprietaryinformationprovidedbythecompanytotheresearcher,yourresearchmaybeconsidered“fundamentalresearch,”inwhichcaseyoumaybeabletoshareinformationbecauseitisnotsubjecttotheEAR.NotethattheinformationwillbesubjecttotheEARiftheprepublicationreviewisintendedtoallowyoursponsortowithholdtheresultsoftheresearchfrompublication.Q.13.1:SupposeIhavealreadyclearedmycompany'sreviewprocessandamfreetopublishalltheinformationIintendtosharewithmycolleague,thoughIhavenotyetpublished?A:Iftheclearancefromyourcompanymeansthatyouarefreetopublishalltheinformationwithoutrestriction,andyouintendtopublishit,theinformationisnotsubjecttotheEAR.Q.14:Iworkasaresearcheratagovernment-owned,contractor-operatedresearchcenter.MayIsharetheresultsofmyunpublishedresearchwithforeignnationalswithoutconcernforexportcontrolsundertheEAR?A:Thatisuptothesponsoringagencyandthecenter'smanagement.Ifyourresearchisdesignated“fundamentalresearch”asdefinedintheEARwithinanyappropriatesystemdevisedbyyouragencyormanagementtocontrolreleaseofinformationbyscientistsandengineersatthecenter,itwillbetreatedassuchbytheCommerceDepartment,andtheresearchwillnotbesubjecttotheEAR.Otherwise,youwouldneedtoobtainalicenseorqualifyforalicenseexception,excepttopublishorotherwisemaketheinformationpublic.


youperformedyourresearchattheuniversity,youintendtopublishit,andyouweresubjecttonocontractcontrolsonreleaseoftheresearch,yourresearchwouldbe“fundamentalresearch.”InformationarisingduringorresultingfromsuchresearchisnotsubjecttotheEAR(§734.3(b)(3)).Youshouldprobablyassume,however,thatyourvisitorwillbedebriefedlateraboutanythingofpotentialmilitaryvaluehelearnsfromyou.RevisionstoDefinitionsintheExportAdministrationRegulations:FrequentlyAskedQuestions(FAQs)EffectiveSeptember1,2016EffectiveSeptember1,20167 Q.10.1:WoulditmakeanydifferenceifIwereproposingtotalkwithaChinesenationalinChina?A:No,iftheinformationinquestionaroseduringorresultedfromthesame“fundamentalresearch.”Youstillshouldprobablyassume,however,thattheChinesenationalinChinawillbedebriefedlateraboutanythingofpotentialmilitaryvaluehelearnsfromyou.Q.10.2:CouldIproperlydosomeworkwithhiminhisresearchlaboratoryinsideChina?A:IfyoureleasetechnologysubjecttotheEARthatrequiresalicenseundertheEAR,youmustobtainalicenseorqualifyforalicenseexceptionpriortoreleasingthetechnology.Ifthetechnologythatyoureleaseis“published”(see§734.7)oritaroseduringorisaresultof“fundamentalresearch”(see§734.8),thenitisnotsubjecttotheEAR.Q.11:Iwouldliketocorrespondandshareresearchresults,whichdealwithtechnologythatrequiresalicensetoalldestinationsexceptCanada,withanIranianexpertinmyfield.DoIneedalicensetodoso?A:Notaslongasitisinformationthataroseduringorresultedfrom“fundamentalresearch”asdescribedin§734.8.Ifthatisnotthecase–meaningtheinformationissubjecttotheEAR–thenthatwouldbeadeemedexportandmostlikelywouldrequirealicensefromBISpriortoreleasingthetechnologytotheIraniannational.Q.11.1:SupposetheresearchinquestionwerefundedbyacorporatesponsorandIhadagreedtoprepublicationreviewofanypaperarisingfromtheresearch?A:Whetheryourresearchwouldbe“fundamental”forpurposesoftheEARwoulddependonthenatureandpurposeoftheprepublicationreview.Ifthereviewisintendedsolelytoensurethatyourpublicationswillneithercompromisepatentrightsnorinadvertentlydivulgeproprietaryinformationthatthesponsorhasfurnishedtoyou,theresearchcouldstillqualifyas“fundamental.”Butifthesponsorwillconsideraspartofitsprepublicationreviewwhetheritwantstoholdyournewresearchresultsastradesecretsorotherwiseproprietaryinformation(evenifyourvoluntarycooperationwouldbeneededforittodoso),yourresearchwouldnolongerqualifyas“fundamental.”ForpurposesoftheEAR,itiswhethertheresearchresultsareordinarilypublishedandsharedbroadlythatprimarilydetermineswhethertheresearchcountsas“fundamental”andsoisnotsubjecttotheEAR.


10

Q.15:InacontractforperformanceofresearchenteredintowiththeDepartmentofDefense(DOD),wehaveagreedtospecificnationalsecuritycontrols.DODistohaveninetydaystoreviewanypapersweproposedbeforetheyarepublishedandmustapproveassignmentofanyforeignnationalstotheproject.Theworkinquestionwouldotherwisebe“fundamentalresearch”under§734.8.IstheinformationarisingduringorresultingfromthissponsoredresearchsubjecttotheEAR?A:Anyexportorreexportofinformationresultingfromgovernment-sponsoredresearchthatisinconsistentwithanyspecificcontractcontrolsthatyouhaveagreedtowillnotbe“fundamentalresearch”andanysuchexportorreexportwouldbesubjecttotheEAR.TheEARdoesnotrestrictexportsorreexportsthatareconsistentwiththespecificnationalsecuritycontrols.Thus,ifyouabidebythespecificcontrolsyouhaveagreedto,youneednotbeconcernedaboutviolatingtheEAR.Ifyouviolatethosecontrolsandexportorreexportinformationas“fundamentalresearch”under§734.8,youmaysubjectyourselftothesanctionsprovidedforundertheEAR,includingcriminalsanctions,inadditiontoadministrativeandcivilpenaltiesforbreachofcontractunderotherlaws.RevisionstoDefinitionsintheExportAdministrationRegulations:FrequentlyAskedQuestions(FAQs)EffectiveSeptember1,2016EffectiveSeptember1,20169Q.16:DotheExportAdministrationRegulationsrestrictmyabilitytopublishtheresultsofmyresearch?A:No,theExportAdministrationRegulationsarenotthemeansforenforcingthenationalsecuritycontrolsyouhaveagreedtoforsuchresearchthatisnotsubjecttotheEAR;theydonotrestrictyourabilitytopublishinformation.Ifsuchpublicationviolatestheunderlyingapplicablecontractenteredintowiththefederalgovernment,however,youmaybesubjecttoadministrative,civil,andpossiblecriminalpenaltiesunderotherlaws.Patents(§734.10)Q:IstheexportorreexportofpatentedinformationfullydisclosedonthepublicrecordsubjecttotheEAR?A:Informationtotheextentitisdisclosedonthepatentoranopen(published)patentapplicationavailablefromoratanypatentofficeisnotsubjecttotheEAR.TheexportorreexportoftheinformationisnotsubjecttotheEARbecauseanypersoncanobtainthetechnologyfromthepublicrecordandfurtherdisseminateorpublishtheinformation.Forthatreason,itisimpossibletoimposeexportcontrolsthatwouldrestrictaccesstotheinformation.DefinitionsofExportandReexport(§§734.13and734.14)Q.1:Isperformingaserviceonbehalfoforforthebenefitofaforeignperson,whetherintheUnitedStatesorabroad,anexportundertheEAR?A:Exceptfortheproliferation-relatedcontrolsinPart744andcertainactivitiesinPart764,orasrelatedtoadeniedperson,theEARdonotcontroltheprovisionofservicesassuch.Rather,theEARcontroltheexport,reexport,release,


ortransferofitems,regardlessofwhetherintheperformanceofaservice.Thus,iftechnologysubjecttotheEARwillbereleasedaspartofperformingtheservice,thenauthorizationmayberequiredforthatrelease.Q.2:IunderstandthatareleaseintheUnitedStatesoftechnologysubjecttotheEARtoaforeignpersoniscalleda“deemedexport”becauseitisdeemedtobeanexporttotheforeignperson’smostrecentcountryofcitizenshiporpermanentresidency.IalsounderstandthatU.S.citizens,protectedindividualsasdefinedby8U.S.C.1324b(a)(3),andlawfulpermanentresidentsoftheUnitedStatesarenotforeignpersonsasdefinedin§772.1.AreleaseoutsideoftheUnitedStatesoftechnologysubjecttotheEARtoaforeignpersonofanothercountry(i.e.,acountrydifferentfromtheoneinwhichthereleasetakesplace)isadeemedreexporttotheforeignperson'smostrecentcountryofcitizenshiporpermanentresidency(exceptasdescribedin§734.20).HowdoIdeterminethe“permanentresidency”statusofapersoninaforeigncountry?A:Thiscanbedifficult,andsomecountriesmaynothaveanequivalentstatus.Factorstobeconsideredincludewhethertheindividual(i)hastherighttoresideinthecountryindefinitely,(ii)isauthorizedtobeemployedbyanyemployerinthecountry,and(iii)iseligibleforunlimitedentryandexitto/fromthecountrywithoutavisa.BISrecognizesconcernsthatmayariseininstanceswhereaforeignnationalmaintainsdualcitizenshipormultiplepermanentRevisionstoDefinitionsintheExportAdministrationRegulations:FrequentlyAskedQuestions(FAQs)EffectiveSeptember1,2016EffectiveSeptember1,201610

residencerelationships.Ifthestatusofaforeignnationalisnotcertain,exporterscanrequesttheassistanceofBIStodeterminewherethestrongertieslie,basedonthefactsofthespecificcase.Inresponsetosucharequest,BISwilllookattheforeignnational’scountry,family,professional,financial,andemploymentties.Q.3:IssendinganitembacktotheUnitedStatesareexport?A:No.SendinganitemtotheUnitedStatesdoesnotmeetthedefinitionof“reexport.”AuthorizationundertheEARisnotrequiredtobringanitemintotheUnitedStates.Q.4:Whenistransferofownershipofasatellitenotconsideredanexportorreexport?A:ThemeretransferofownershiptoanentityoutsideofaCountryGroupD:5country(e.g.,aspartofanonorbittransferofownershiptoanentityoutsideaD:5country)ofsatellitessubjecttotheEARthatareeligibleforLicenseExceptionSTAisnotanexportorreexport.Release(§734.15)Q.1:DoesmerelyprovidingforeignpersonsintheUnitedStateswithaccesstocontrolledequipment,software,ortechnologytriggerarequirementtogetalicenseordeterminewhetheralicenseexceptionisavailableinordertobecompliantwiththeEAR?A:No.Thequestioninsuchcircumstancesiswhether


11

“technology”isactually“released,”asdefinedin§734.15,duringtheprovisionofsuchaccess.Q.2:IamaprofessorataU.S.university,withexpertiseindesignandcreationofsubmicrondevices.Ihavebeenaskedtobeaconsultantforaforeigncompanythatwishestomanufacturesuchdevices.DoIneedalicensetodoso?A:Possibly.IfyoureleasetechnologythatrequiresalicenseundertheEAR,youwillneedtoobtainalicenseorthereleasewouldneedtoqualifyforalicenseexception.ThisguidanceapplieswhetherthereleaseoccursintheU.S.orelsewhere.Q.3:ThemanufacturingplantwhereIworkisplanningtobeginadmittinggroupsofthegeneralpublictotourtheplantfacilities.Weareconcernedthatalicensemightberequiredifthetourgroupsincludeforeignnationals.Wouldsuchatourconstituteanexport?Ifso,istheexportsubjecttotheEAR?A:Whilethetouritselfisnotanexport,visualinspectionbyforeignnationalsofitemssubjecttotheEARthatrevealstechnologyorsourcecodeisa“release”ofthattechnologyorsourcecode.However,notallvisualinspectionresultsinsucharelease.Merelyseeinganitembrieflyisnotnecessarilysufficienttoconstituteareleaseofthetechnologyrequired,forexample,todeveloporproduceit.Eveniftechnologyisreleased,ifthetouristrulyopentoallmembersofthepublic,includingyourcompetitors,andyoudonotchargeafeethatisnotreasonablyrelatedtothecostofconductingthetours,anytechnologyorsourcecodereleasedmaybe“published”(§734.7).Otherwise,youwillhavetoobtainalicense,thereleasewouldhavetoqualifyforalicenseexception,orthereleasewouldhavetobeabletousetheNLRdesignation,priortopermittingforeignnationalstotouryourfacilities.RevisionstoDefinitionsintheExportAdministrationRegulations:FrequentlyAskedQuestions(FAQs)EffectiveSeptember1,2016EffectiveSeptember1,201611ActivitiesThatAreNotExports,Reexports,orTransfers(§734.18)Q.1:Whatdoes“unclassified”meanin§734.18?A:Unclassifiedinformation”referstoinformationnotclassifiedinaccordancewithExecutiveOrder13526,75FR707;3CFR2010Comp.,p.298,oracomparablepredecessororsuccessororder.Q.2:Whatisthe“encryptioncarve-out”?A:Theexportcontrol“carve-outforencrypteddata”resultsfromanumberofchangesintechnologyandsoftwarecontrolsimplementedaspartofExportControlReform.Thechangesaffectexportcontrolsoncross-nationaltransmissionoftechnicaldataintheExportAdministrationRegulations,andalsoreleaseofsuchdatatoforeignpersons.Whilenotreferencingcloudapplicationsdirectly,thesechangeswillhaveamajorpositiveeffectonthemanagementanduseofmanycloudservices.MostapplicableprovisionsmaybefoundinEAR§734.18oftheEAR,“Activitiesthatarenotexports,reexportsortransfers.”


Q.3:WhyisFIPS140-2specifiedforthecarve-out?A:TheFederalInformationProcessingStandardsPublication140-2(“FIPS140-20”)isawell-knownsetofcryptographicstandardsusedforgovernmentprocurementintheU.SandCanada.Itisintendedtosetabaselineforthequalityofencryptioneligibleforthecarve-out.Specifically,hardwareandsoftwaremodules(andbyextension,algorithms)certifiedascompliantbytheNationalInstituteofStandardsandTechnology(NIST)wouldqualify.FIPS140-2canbefoundattheNISTwebsite:http://csrc.nist.gov/groups/STM/cmvp/standards.htmlQ.4:Whatlevelofsecuritywouldqualify?A:WhileFIPS140-2featuresfourlevelsofsecurity,§734.18doesnotspecifywhatlevelisappropriateforaparticularbusinessenvironment.Moreover,thesectionreferencesNISTpublicationsasguidancefordimensionsofcryptographicexecution,suchaskeymanagementthatarenotreferencedintheFIPS140-2itself.Theexporterisresponsibleforensuringthatmodulesandproceduresimplementedaresufficienttoensureprotectionofdatawithinthecontextinwhichheorsheoperates.Q.5:IsFIPS140-2theonlycryptographicstandardorapproachthatcanbeusedforthecarve-out?A:No,andinfacttheEARspecificallystatethatequallyormoreeffectivecryptographicmeanscanbeused.BISrecognizesthattherearecircumstances,suchascryptographydevelopedforinternalcompanyuse,thatmaybeeffectivebutthathaveneverbeensubjecttotheNISTcertificationprocess.However,exportersmustbesurethatwhateverstandardandproceduresareusedareeffectivewithinthecontextinwhichthefirmoperates.Q.6:Howis“end-to-end”encryptiondefinedforthepurposeofthisfinalrule?RevisionstoDefinitionsintheExportAdministrationRegulations:FrequentlyAskedQuestions(FAQs)EffectiveSeptember1,2016EffectiveSeptember1,201612A:“End-to-end”encryptionisdefinedascryptographicprotectionofdatasuchthatthedataarenotinunencryptedformbetweentheoriginatorortheoriginator’sin-countrysecurityboundaryandanintendedrecipientortherecipient’sin-countrysecurityboundary.Q.7:Whatisthesignificanceofthein-countrysecurityboundary?A:Withcertainapplications,encryption/reencryptionisnotpermittedatanypointbetweentheoriginatorandtheintendedrecipient.Whileapplicationsthatmeetthiscriterion(likePGP)arecommonandwellunderstood,suchsolutionsaretypicallyusedbyindividuals,arenotscalabletolargeorganizations,andrisklossofkeys,askeymanagementisaccomplishedbytheindividualsateitherend.Moreover,anyservices,suchasmalwarescreening,havetobedoneoncleartext,whichmeansthetypicalpracticeofprovidingthematanorganizationallevelwouldbeimpossible.


12

Toaddresstheseconcerns,thedefinitionofend-to-endencryptionprohibitsdecryption/re-encryptiononlybetweenthein-countrysecurityboundariesoftheoriginatorandtherecipient.Thisisconsistentwiththecommonpracticesinboththegovernmentandindustry,andallowsfordesiredornecessaryservicestobeperformedwithinsecurityboundarieswhilemeetingthesecurityobjectiveoftherule.The“in-country”provisionisintendedtopreventexportsofcontrolleddatainunencryptedformresultingfromdefiningsecurityboundariestoincludemultiplecountries.Anyreleaseofcontrolleddatatonon-U.S.nationalswithinthesecurityboundaryofacorporateintranet(asanexample)wouldbetreatedasadeemedexportrequiringappropriateauthorization,asisthecasetoday.Q.8:Isdecryption/re-encryptionpermittedfordataeligibleforthecarve-out?A:Notintransitbetweensecurityboundaries.Protectedtechnologyandcodemustnotbeinunencryptedform(i.e.,incleartext)fromthesecurityboundaryoftheoriginatortothesecurityboundaryoftherecipient.Decryption/re-encryptionwithinthesecurityboundarywouldbeallowedinordertoprovideservicessuchasanti-malwarescreening.Also,decryption/re-encryptionwouldbeallowedfordatathatis“super-encrypted”(thatisencryptionofdatathathasalreadybeenencryptedpreviously),providedthatdataunderprotectionwasnotintheclearatanypointbetweenthesecurityboundaries.SuchmultipleencryptionisusedinsomeVPNapplications.Q.9:MyU.S.companyneedstosendtechnologytooneofouremployeesintheU.K.TheemployeeisaU.S.national,andwearesecuringthetechnologyaccordingtothecriteriain§734.18(a)(5).ThetechnologyinquestionwouldnormallyrequirealicensetotheU.K.Doweneedalicense?WhatifourU.S.nationalemployeeintheU.K.needsremoteaccesstoaserverintheU.S.andwesecurethataccessaccordingtothecriteriain§734.18(a)(5)?WhatifanotheremployeewhoisaU.K.nationalneedsthesameaccess?A:Sendingthetechnologysecuredaccordingtothecriteriain§734.18(a)(5)isnotanexport.TherecipientisaU.S.national,sothetechnologyisnot“released”(see§734.15).TheU.S.national’ssimilarlysecuredremoteaccesstothedataonaU.S.serverisalsonotanexport.RevisionstoDefinitionsintheExportAdministrationRegulations:FrequentlyAskedQuestions(FAQs)EffectiveSeptember1,2016EffectiveSeptember1,201613AccessbytheU.K.nationalisareleaseofthetechnologytoaforeignpersonthatwillneedthesameauthorizationastheexportofthesametechnologytotheU.K.Q.10:Isgivingsomeoneremoteaccessthesameas“sending”forpurposesof§734.18(a)(5)?A:Yes.Q.11:Whatisthelegalstatusofwhollynon-U.S.technologythatwouldbestoredencryptedonaserverintheU.S.?A:WhileitisstoredintheU.S.,itissubjecttotheEAR.Storageofencryptedforeign-origintechnologyonaserverintheU.S.


isnotsufficienttorenderitU.S.-origintechnology,whichissubjecttotheEARwhereverlocated.Q.12:WhatifIdon’tencryptmydatatothestandardsin§734.18(a)(5)?A:Transmissionofdatanotencryptedtothestandardsin§734.18(a)(5)acrossaborderisanexportorreexport.ActivitiesThatAreNotDeemedReexports(§734.20)Q.1:Dothelistofactivitiesin§734.20thatdonotconstitute“deemedreexports”affectLicenseExceptionTSR?A:No.Ifanactivityisnotadeemedreexport,thenonedoesn’tneedtoconsiderwhetherTSRapplies.Ifanactivityisadeemedreexport,thenonemaystillconsiderwhetherthetechnologyatissuemaybereleasedunderTSRpursuantto§740.6.Q.2:Doestheterm“entity,”whenusedin§734.20,refertoentitieslocatedoutsideoftheU.S.?A:Yes.Q.3:Section734.20(c)(5)describessituationsthatarenotdeemedreexportsinvolvingreleasestopersonswhoarenotCountryGroupA:5nationals.Therearesixsituationslisted,andsomeofthemrefertoinformationthatisnotintheEAR.WherecanIfindtheinformationthatisreferenced?A:TheU.S.-U.K.ExchangeofNotesregarding§126.18oftheITARreferredtoinparagraph(c)(5)(iii)andtheU.S.-CanadianExchangeofLettersregarding§126.18oftheITARreferredtoinparagraph(c)(5)(iii)maybefoundatthefollowinglink:http://test.pmddtc.state.gov/licensing/agreement.htmlTheAgreementsGuidelinesreferredtoinparagraphs(c)(5)(v)and(vi)maybefoundatthefollowinglink:http://www.pmddtc.state.gov/licensing/documents/agreement_guidelinesv4.2.pdfRevisionstoDefinitionsintheExportAdministrationRegulations:FrequentlyAskedQuestions(FAQs)EffectiveSeptember1,2016EffectiveSeptember1,201614DefinitionofTechnology(§772.1)Q.1:Fortechnologytobe“use”technology,mustitincludeallsixelementsofthedefinitionof“use”in§772.1,i.e.,operation,installation(includingon-siteinstallation),maintenance(checking),repair,overhaulandrefurbishingtechnology?A:Yes.If,however,anECCNspecifiesoneormoreofthesixelementsof“use”intheheadingorcontroltext,eachelementspecifiedisclassifiedunderthatECCN.Q.2:Doesinformationonthebasicfunctionorpurposeofanitemconstitute“technology?”A:No.Suchinformationdoesnotmeetthedefinitionoftechnology.Q.3:MytechnologyisnotontheU.S.MunitionsList,butitisnotontheCCLeither–whatisit?A:TechnologynotelsewherespecifiedontheCCLisdesignatedasEAR99,unlessthetechnologyissubjecttotheexclusivejurisdictionofanotherU.S.governmentagency(see§734.3(b)(1))orisotherwisenotsubjecttotheEAR(see§734.3(b)(2)and(b)(3)and§§734.7through734.10).


13

EIB World Trade H

eadlines Evolutions In Business • w

ww

.eib.com • (978) 256-0438 • P.O

. Box 4008, Chelmsford, M

A 01824

Q.4:AreBuild/Design-to-Specificationsexcludedfromthedefinitionoftechnology?A:SuchspecificationsarenotperseoutsidethescopeoftheEAR’sdefinitionof“development”or“production”technology.Dependingontheparticularsituation,itistheoreticallypossiblethatsuchspecificationscouldconstitutetechnology.Atechnicalspecificationthatconveyssize,weightandperformancerequirementsanddoesnotinclude“build-to-printtechnology”likelywouldnotmeetthedefinition.Q.5:Thedefinitionoftechnologycontainsthefollowingnote:“Themodificationofthedesignofanexistingitemcreatesanewitem,andtechnologyforthemodifieddesignistechnologyforthedevelopmentorproductionofthenewitem.”Whatdoesthismean?A:BIScreatedthisnotetoaddressthefactthatmultiplevariationsofaproductareusuallycreatedbyoneormorecompanies,andcompaniesoftenstrugglewithhowtoclassifythetechnologythatisandisnotcommontothevariations.Consider,forexample,acompanythatmakesacivilaircraftswitchcontrolledunderECCN9A991.d.Itlatermodifiestheswitchsothatitwouldworkinamilitaryaircraft.Themodifiedswitch–the“dashone”model–is,inthisexample,speciallydesignedforamilitaryaircraftandthuscontrolledunderECCN9A610.x.Thetechnologythatiscommontobothswitchesis9E991,butthedeltaintechnologytomakethe9A610.xswitchiscontrolledunder9E610.Thatis,whateverthetechnologyisthatisrequiredtomakethe9A991.dcommercialaircraftswitchintoa9A610.xswitchisthetechnologyforthenew,modifieditem.IssuanceofLicenses(§750.7)RevisionstoDefinitionsintheExportAdministrationRegulations:FrequentlyAskedQuestions(FAQs)EffectiveSeptember1,2016EffectiveSeptember1,201615 Q.1:Thescopeof§750.7statesthataBISlicenseauthorizingthereleaseoftechnologytoanentityalsoauthorizesreleaseofthesametechnologytothe“entity’sforeignnationalswhoarepermanentandregularemployees(andwhoarenotproscribedpersons…).”Istheentityreceivingthetechnologyresponsibleforscreeningitsemployees?Doestheapplicanthavetoconfirmthatthescreeninghasbeenconductedpriortoreleasingthetechnologytotheentity?A:Theentityreceivingthetechnologyisresponsibleforscreeningitsforeignnationalswhoarepermanentandregularemployees,asconsistentwithlocallaws,and


regularemployees,asconsistentwithlocallaws,andmustnotreleaseanytechnologyauthorizedbytheBISlicensetoemployeeswhoare“proscribedpersons.”Theapplicantisnotrequiredtoconfirmthattheentityhasscreeneditsemployeespriortoreleasingthetechnologytotheentity.Q.2:DotheexpirationdatesonBISandDDTClicensesandotherauthorizations(e.g.,BIS-748Ps,DSP-5s,TAAs,MLAs,andWDAs)applyonlytotheinitialexport,reexport,ortransferauthorizedordotheyapplytoallsubsequenttransactionsthatareotherwisewithinthescopeoftheauthorization?A:Theexpirationdatesapplyonlytotheinitialexport,reexport,ortransferauthorizedinthelicenseorotherauthorization.Thatis,theinitialexport,reexport,ortransfermusttakeplacebeforetheexpirationdateforittobeauthorized.Theexpirationdatedoesnotapplytosubsequenttransactionsinvolvingtheitemsatissuetotheendusers,destinations,andendusesdescribedinthelicenseorotherauthorization.SuchtransactionscontinuetobeauthorizedsolongasnoconditionorprovisotothelicenseorotherauthorizationlimitssuchtransactionsandtheU.S.governmenthasnotsubsequentlyimposedadditionalcontrolsontheenduses,endusers,ordestinationsatissue,suchasthroughtheEntityList,theDebarredPartiesList,ortheSpeciallyDesignatedNationalsList.TemporaryExportsofTechnology(TMP)(§740.9)(a)(3)Q.1:CanTMPbeusedforremoteaccesstoU.S.servers?A:Yes,providedtheothertermsofparagraph(a)(3)aremet.Q.2:IstakinganencrypteddeviceoutoftheU.S.anexport?A:Yes.Paragraph(a)(3)mayauthorizethetechnologyonthedevice,butthedeviceitselfisacommoditythat,ifitrequiresalicensetoitsdestination,wouldneedtobeauthorizedbyanotherprovisionintheEAR,e.g.,byparagraph(a)(1)(Toolsoftrade).Q.3:Canobfuscation/tokenizationbeusedtoprotectdata?(Tokenizationisaprocessthroughwhichdataordocumentsareobfuscatedbyreplacingunderlyingcleartextwithasurrogatevaluecalleda“token.”)A:Doneproperly,yes,thisisaneffectivesecuritymeasure.NOTE:InaccordancewithTitle17U.S.C.Section107,thismaterialisdistributedwithoutprofitorpaymentfornon-profitnewsreportingandeducationalpurposesonly.

Reproductionforprivateuseorgainissubjecttooriginalcopyrightrestrictions.

“Whenyoufeellikequittingthinkaboutwhyyoustarted.”

eib world trade headlineseib.com/news/jun2016vol8issue11.pdf · 1st seminar a success...

Documents