Archive for the ‘Export License’ Category

China Telecomm Giant ZTE Gets Another Temporary Reprieve from US Export Denial List

Tuesday, July 12th, 2016 by Danielle McClellan

By: John Black

The Commerce Department’s Bureau of Industry and Security (BIS) announced that it is extending the temporary general license for ZTE to effectively suspend ZTE’s denial list status until August 30, 2016.  BIS originally put ZTE on its Entity List on March 8, 2016, based on BIS’ allegations that ZTE, including its senior management, established a complex network as part of its efforts to illegally transfer US technology to Iran and other prohibited destinations.  The original denial prohibited all transfers from anywhere in the world of US origin items to ZTE as well as exports from outside the United States of non-US origin items with more than 25% US controlled content and certain foreign items produced directly from using US technology.  The original listing was clearly the biggest EAR penalty ever imposed in my 32 years in this field.

As previously reported in this newsletter, on March 24, 2016 BIS announced a general license that effectively temporarily suspended until June 30, 2016, the denial  against:

  • Zhongxing Telecommunications Equipment (ZTE) Corporation (also referred to as ZTEC)
  • ZTE Kangxun Telecommunications Ltd.

Now BIS has extended that general license for these two entities through August 31, 2016.  It is easy to infer from this that ZTE must have originally refused to cooperate with BIS regarding the diversions to prohibited destinations, but after being placed on the Entity List ZTE rounded up a hoard of Washingotn lawyers and came crawling on its knees to BIS promising to cooperate and take decisive remedial actions.  The extension indicates that ZTE is continuing to cooperate with BIS, at least as much as is necessary to get the suspension of its denial extended until the end of August.

These two ZTE entities remain on the EAR Entity List:

  • Beijing 8 Star International Co.
  • ZTE Parsian

For more information go to:  http://www.bis.doc.gov/index.php/regulations/federal-register-notices#fr41799

3 Men & Illegal Exports to Syria

Tuesday, July 12th, 2016 by Danielle McClellan

By: Danielle McClellan

In November 2012, three individuals and one company were indicted with charges of criminal conspiracy, wire fraud, illegal export of goods, money laundering, and false statements. Until now the indictment remained under seal pending the arrest of the defendants.

Between 2003 and 2012, d-Deri Contracting & Trading (owned by Ahmad Feras Diri of London) was exporting goods originally from the US from Global Parts Supply (owned by Harold Rinko of Hallstead, PA) to his brother and business partner Moawea Deri who was located in Syria.  The goods purchased from Rinko’s US company were done so based on false invoices, undervalued and mislabeled goods.  Then the purchased goods were exported by falsely listing their identity and final geographic location on all documentation. The items would be shipped from the US to Jordan, the UAE, and the UK, and finally transshipped to Syria.

The items exported allegedly included:

  • a portable gas scanner used for detection of chemical warfare agents by civil defense, military, police and border control agencies;
  • a handheld instrument for field detection and classification of chemical warfare agents and toxic industrial chemicals;
  • a laboratory source for detection of chemical warfare agents and toxic industrial chemicals in research, public safety and industrial environments;
  • a rubber mask for civil defense against chemicals and gases;
  • a meter used to measure chemicals and their composition;
  • flowmeters for measuring gas streams;
  • a stirrer for mixing and testing liquid chemical compounds;
  • industrial engines for use in oil and gas field operations and a device used to accurately locate buried pipelines

Note: Nearly all exports to Syria will be denied, other than a few items categorized under humanitarian food and medicine. The goal of the embargo on Syria is to shut down the supply chain used by the Syrian state to support terrorism and create proliferate weapons of mass destruction, and in this specific case, chemical weapons.

Fast forward to this month, Ahmad Feras Diri (age 43) of London has plead guilty to conspiracy to illegally export items used to detect chemical warfare agents to Syria. He lost his extradition fight in the UK in November 2015 at which point he was brought to the US to face the charges. Diri admitted that he conspired to export items from the US through third party countries to customers in Syria without obtaining the required US Commerce Department licenses.

Harold Rinko (age 73 of Hallstead, PA) was indicted by a grand jury in November 2012 and admitted in court that he conspired to export the items from the US through third party countries to customers in Syria without an export license.

Moawea Deri remains at large and is considered a fugitive but will likely remain in Syria as extradition is unlikely to occur.

“This extradition demonstrates HSI’s commitment to use all its resources to prevent sensitive and restricted technology from being exported to Syria through the black market,” said HSI Philadelphia Special Agent in Charge John Kelleghan. “No good comes of illegal exports to Syria, especially during this time of gross misgovernment and civil strife. As the principal enforcer of export controls, HSI will continue to do everything in its power to ensure that sensitive technology doesn’t fall into the wrong hands in Syria. I applaud our colleagues at the Department of Commerce, the U.S. Attorney’s Office for the Middle District of Pennsylvania, along with our law enforcement counterparts in the United Kingdom. This coordinated effort helped us make this complex investigation a success.”

More Information: https://www.ice.gov/news/releases/uk-resident-connected-syrian-export-scheme-extradited-us-face-federal-charges

Successful Violations for Dummies: Don’t Fly to the US when Attempting to Arrange Illegal Exports

Friday, May 27th, 2016 by Danielle McClellan

New Zealand Man Arrested in Seattle After Contacting Undercover Agent

By: Danielle McClellan

William Ali, a New Zealand man has been indicted in Seattle on federal charges that he attempted to purchase aircraft parts in the US that he planned to sell to a client in China. Last year Ali contacted a US company looking for “aircraft parts called accelerometers.” These parts are developed for low or zero gravity navigation systems used in spacecraft and aircraft and any one selling the items must have an export license (Ali did not).

A Homeland Security agent began to investigate Ali shortly after he contacted the company looking to purchase the accelerometers. The agent and Ali exchanged emails and Ali admitted that he knew there were controls on the sale of the items that he was looking to buy and that trying to buy them was turning out to be difficult. He also explained that he didn’t think he could get an export license for the parts so he was trying to purchase them through different sources. His client was looking for a “huge quantity” of the product because they were “manufacturing a variant of the MA60 aircraft and needed high-quality US parts” according to the criminal complaint.

After considering all of his options, Ali flew to Seattle to pick up the pars where he was arrested when he arrived on April 11, 2016.

More Details: http://www.seattletimes.com/seattle-news/crime/new-zealand-man-faces-illegal-export-charges-in-seattle/

Export Business Manager Pleads Guilty to Attempted Illegal Exports to Iran

Friday, May 27th, 2016 by Danielle McClellan

By: Danielle McClellan

Asim Fareed (age 51) of North Brunswick, NJ operated an export business in Somerset, NJ that agreed to ship items purchased by customers in Iran. Fareed provided false documentation to the US Department of Commerce for export purposes between 2013 and 2015. He created invoices that contained false information related to the identity and geographic location of the purchasers of the goods. The items were supposed to be shipped from the US to the UAE and then onto Iran. The items never were actually shipped.

Asim Fareed agreed to enter a plea to conspiracy to provide false statements in connection to the illegal export of goods to Iran. “The Office of Export Enforcement vigorously pursues violators of our nation’s export control laws, which are in place to further and protect our national security and foreign policy.  As in this instance, we work closely with our colleagues at HSI and other law enforcement agencies in prosecuting this case,” said Jonathan Carson, Special Agent in Charge, U.S. Department of Commerce, Bureau of Industry and Security, Office of Export Enforcement, New York Field Office.
“This case demonstrates how far individuals will go to circumvent U.S. export laws to export goods to countries like the Islamic Republic of Iran,” said Angel M. Melendez, special agent in charge of HSI in New York. “The Iran Trade Embargo prohibits Americans from supplying goods, technology and services to Iran directly or indirectly. HSI is committed to aggressively pursuing those who conduct illegal business with Iran.”
The case was investigated by the Department of Commerce, Office of Export Enforcement and U.S. Immigration and Custom Enforcement’s (ICE), Homeland Security Investigations (HSI).  Assistant U.S. Attorney Todd K. Hinkley is prosecuting the case.
More information: https://www.justice.gov/usao-mdpa/pr/new-jersey-man-charged-conspiracy-provide-false-statements-related-export-prohibited

DDTC Agreements Guidelines Updates

Thursday, May 5th, 2016 by Danielle McClellan

Revision 4.3 of the Guidelines for Preparing Agreements has been posted on the DDTC website. Download the document at http://pmddtc.state.gov/licensing/documents/AG_Rev%204.3.pdf.

It Never Pays to Use Your Church to Cover Your Export Violations

Thursday, May 5th, 2016 by Danielle McClellan

By: Danielle McClellan

What does a system analyst for a defense contractor, a church volunteer and an owner of 3 US companies all have in common?  They all involve one woman, who will now spend 57 months in prison, encompassed each, and all at the same time. Hannah Robert, of North Burnswick, New Jersey recently plead guilty to conspiring to violate the Arms Export Act by exporting military technical drawings to India without government approval.

The story begins with Robert being an employee for a defense contractor where she worked as a system analyst and had access to thousands of export controlled drawings that were used for bids on US Department of Defense (DoD) contracts (Robert held this position until November 2012). In June 2010, she became the founder, owner and president of One Source USA LLC where she contracted with the DoD to supply defense hardware items and spare parts. In September 2012, Robert opened another defense company, Caldwell Components, Inc. as well as Once Source India (located in India), with a resident of India (identified on as R.P. in court documents) that manufactured defense hardware items and spare parts.

Between June 2010 and December 2012 Robert illegally exported defense technical drawings for parts used in the torpedo systems for nuclear submarines, military attack helicopters and F-15 fighter aircraft to R.P. in India. Robert and her India counterpart also sold defense hardware items to foreign customers including the United Arab Emirates Ministry of Defence. Hannah Robert volunteered at a church in Camden County, New Jersey, as a web administrator. This allowed her access to the church’s website where she uploaded the defense technical data. She provided her login and password to the church’s website to R.P. so that he/she could download the files. This process went on for two years and was the way in which Robert and R.P. were able to pass the technical information amongst themselves.

Hannah Robert was also faced with the issue of providing US DoD with faulty wing pins for the F-15 fighter aircraft. Robert provided false and misleading material certificates and inspection reports for the parts. The documents also failed to list that the actual manufacturer of the pins was located in India, not One Source USA’s New Jersey location which was listed on all of her DoD bids. The failed wing pins grounded approximately 47 F-15 fighter aircraft and cost DoD over $150,000 to inspect and repair the pins. Robert must pay $181,000 to the DoD to cover the repair costs as well as forfeiting more than $77,000 that she earned from the contracts.

The case was investigated by the special agents of the Defense Criminal Investigative Service’s Northeast Field Office and the special agents of the Department of Homeland Security’s Counter Proliferation Investigations.

More Information: https://www.justice.gov/usao-nj/pr/former-owner-defense-contracting-businesses-sentenced-57-months-prison-illegally

Belgium Company Pays $350,000 after Exporting Coatings, Pigments and Paints to Iran

Wednesday, April 6th, 2016 by Danielle McClellan

By: Danielle McClellan

Chemical Partners Europe (CPE) S.A. of Brussels, Belgium has been charged with 6 counts of Evasion after exporting coatings, pigments and paints from the US to their facility in Brussels  and then to Iran. The exported items were suitable for use in nuclear facilities and had marine applications, making them subject to the Export Administration Regulations (EAR) as well as the Iranian Transactions Regulations (Governed by the Department of Treasury’s Office of Foreign Assets Control (OFAC)).

Between January 2010 and March 2011, the company purchased the coatings, pigments and paints, valued at $244,358, from a US company and concealed the fact that the ultimate destination was actually Iran. The shipper’s export declarations filed listed CPE as the ultimate consignee and Belgium as the country of ultimate destination. Once CPE received the items they transferred them directly to Iran without proper authorization.

CPE has agreed to pay $350,000 to settle the charges; they will not be debarred. Charging Letter

Gunsmoke Goes Down in Flames: Marshal Matt Dillon Can’t Save The Day

Tuesday, March 29th, 2016 by Danielle McClellan

By: Danielle McClellan

Richard Wyatt, owner of Gunsmoke, a firearm store in Wheat Ridge, Colorado has been indicted and arrested on several charges of conspiracy, dealing firearms without a license, and tax related charges. Gunsmoke was featured in the reality show, American Guns, on the Discovery Channel from 2011 through 2012. The show basically mixed the haggling of Pawn Stars with gun customizations and machine gun sales.

In April 2012, Wyatt and Gunsmoke, surrendered their Federal Firearms Licenses (FFL) after violations of federal laws and regulations (tax issues have been presumed).  In order to get around the issue of not having a FFL Gunsmoke changed the address of a store known as Triggers Firearms LLC and used it as a straw licensee. Gunsmoke never held an ownership interest in Triggers and Wyatt submitted false paperwork to the ATF to hide this fact.

During April 1, 2013 to March 31, 2015, no person/employee of Gunsmoke was licensed to engage in the business of dealing firearms. Wyatt directed all employees to ring up sales of firearms as “miscellaneous” sales to get around this issue. To further conceal sales and gunsmithing services customers would physically pay for the firearms and services from Gunsmoke but would then be sent to another firearm store (which had a valid FFL) where they would fill out their background check paperwork and take procession of the firearm purchased from Gunsmoke.

At this time Wyatt faces the following charges:

  • Two counts of conspiracy (each count carries not more than 5 years in prison and up to $250,000 fine)
  • Three counts of dealing in firearms without a license (each count carries not more than 5 years in prison and up to $250,000 fine)
  • One count of filing a false tax return (carries not more than 3 years in prison and up to a $100,000 fine)
  • Seven counts of failure to file a tax return (each count carries not more than one year in federal prison and up to a $25,000 fine)

Justice Department Notice: http://www.justice.gov/opa/pr/gunsmoke-gun-shop-owner-and-former-discovery-channel-star-indicted-and-arrested-conspiracy

Statement Before House Committees Concerning Proposed Export Licensing for Cyber-Security Items

Wednesday, February 3rd, 2016 by Danielle McClellan

(Source: Homeland Security Committee) Author: Kevin J. Wolf, Assistant Secretary of Commerce for Export Administration.

Transcript of statement:

“Thank you, Chairmen Hurd and Ratcliffe, and Ranking Members Kelly and Richmond.

The Wassenaar Arrangement is a 41-member export control group in which the United States participates. It was established to contribute to regional and international security and stability by promoting greater responsibility in the transfer of conventional arms and dual-use goods and technologies, thus preventing destabilizing accumulations of such items. Participating States maintain a common control list of items warranting control for these reasons and seek, through their national policies, to ensure that transfers of these items do not contribute to the development or enhancement of military capabilities that undermine these goals, and are not diverted to support such capabilities. The list of such items is developed and updated by the Participating States through consensus determinations, generally made at the end of each year. …

In December 2013, Wassenaar approved new export controls on “command and delivery platforms” for “intrusion software” and related technology. Specifically, the entries in Category 4 (Computers) of the Wassenaar dual-use control list would control non-publicly available software (4.D.4.) that generates, operates, delivers, or communicates with “intrusion software.” “Intrusion software” is defined as software designed to covertly gain access to a computer or other networked device and, once inside, to extract or modify data or modify the execution path of the device to allow the execution of externally provided instructions. Related hardware and technology entries (4.A.5. and 4.E.1.c.) control systems and equipment for generating, operating, delivering, or communication with “intrusion software,” and technology for developing “intrusion software.” The original proposal for these controls came from another Wassenaar member nation in 2012. Examples of the types of commercial hacking software intended to be captured by this control include those offered by Hacking Team (Italy), Gamma/Fin-Fisher (Germany), and Vupen (France).

The controls were novel in that they were the first foray by a multilateral export control community into the area of offensive cyber tools. The agreed-upon entries covering software intentionally excluded “intrusion software” itself — that is, certain kinds of malware — from control because of a general understanding that everyone with a computer or mobile device infected by such malware or “exploits” could become an unwitting “exporter” of it (e.g., by forwarding an infected e-mail to someone in another country). The technology entry, however, imposes controls on non-publicly available technology for the development of such software as well as on technology for the development of the controlled delivery systems. …

In order to not take an action that would inadvertently harm our nation’s ability to engage in critical cyber defense and related research work, we decided in May 2015 to take the unprecedented step of publishing these Wassenaar control list entries as a proposed rule, with a request for private sector comments, rather than as a final rule. Our hope was that the private sector comments would give us a better sense for whether the rule would have unintended impacts on our cyber defense and cyber research ecosystems. All dual-use controls have consequences and impose costs on the private sector. That is the nature of controls. This one, however, was different because the impact would be not just on the economic bottom-line of U.S. companies, but on our government’s and our nation’s ability to share efficiently and quickly the types of technology necessary to conduct cyber defense and related research.

Immediately following publication of the proposed rule, Commerce received questions from U.S. private sector and others in the U.S. Government about the intended scope of the controls. In order to ensure that comments were informed and responsive to the proposed controls set forth in the rule, Commerce published answers to a list of “frequently asked questions” on its website to address what we determined were regular queries in order to encourage more focused and more useful public comments. It was clear from these initial questions that the terminology used in the control list entries and the proposed rule were understood differently by the cybersecurity community than by the export control agencies and the Wassenaar Participating States. By the end of the 60-day comment period, Commerce had received more than 260 comments, virtually all of them negative. Some commenters took the view that the underlying control at Wassenaar could not be implemented without causing significant harms to cybersecurity. Others made specific recommendations on ways to mitigate many of the concerns. Some praised the underlying objectives of the rule, while nonetheless proposing modifications to the scope of the proposed regulation, such as through license exceptions and definitions, to reduce the impact of unintended consequences. …

Neither the Commerce Department nor the Administration has reached a conclusion about how to respond to the public comments. We are still reviewing and considering them. Importantly, all U.S. Government agencies with expertise and equities in cyber defense research and related work are reviewing the comments and will provide input as a next step, before we make a decision on what to do about the proposed rule.   As requested by your committees, I can, however, summarize the essence of the comments – reiterating that the Administration has not come to any final conclusions regarding how to respond to the comments or to the extent to which they are correct technically. The public comments, including presentations at technical advisory committee meetings during the past three months, focus on three main issues.

First, some commenters asserted that the proposed regulation’s definition of “intrusion software” is too broad and, as a technical matter, fails. They assert that malware recovery tools would be caught by the entries because they interact with malware to regain control of an infected system, and some defense research tools would be caught because they analyze malware to develop new defensive products. They also assert that products that patch systems or add capabilities to programs would themselves be controlled under these entries because of the way they interact with or manipulate programs. These products are integrated with the hardware (systems, equipment, and components) and are designed to legitimately bypass or defeat protections, modify the standard execution path of software, and access data. According to the commenters, they would often thus be software for the generation, operation, delivery of or communication with “intrusion software” and caught by the new controls.

Second, other commenters contend that the proposed rule to implement the control list entries as written, based on the definition of “intrusion software,” would impose a heavy and unnecessary licensing burden on legitimate transactions that contribute to cyber security. Government agencies and private sector cyber security companies routinely test their systems and networks to identify vulnerabilities and, if possible, discover existing malicious attack agents. These companies then provide their clients with threat mitigation tools and strategies. To accomplish this, they use the same tools the controls on intrusion items identify, though their use is authorized by their target. To accomplish their mission, they need to employ tools for computers or networks that have the functional specifications of the control parameters, e.g., avoid detection, defeat protective countermeasures, extract data or information, modify system or user data, and modify the standard execution part of a program or process to execute externally provided instructions. These are exactly the characteristics a successful malicious attacker’s software would have and what the assessment team’s tools need to be able to replicate. During these defensive engagements, members of the assessment team frequently need to create custom scripts (i.e., software programs) to effectively assess the extent of the vulnerabilities by creating exploits, and to determine if a successful attack has taken place or is in progress.

Third, other commenters state that the proposed rule’s controls on technology for the development of “intrusion software” could cripple legitimate cybersecurity research. To address cyber threats, technical information must be shared with experts across the globe. In order to identify and quickly counter threats, the cybersecurity industry relies heavily on collaboration with other companies within and outside of the United States, as well as independent experts around the world. Many of these experts are self-taught, have no prior formal relationship with cybersecurity firms, and, in many cases, may be unknown until they discover a new vulnerability. To address vulnerability, a company must be able to engage in a back-and-forth dialogue with these researchers and experts. Often, the dialogue must include detailed discussion of exactly how a particular vulnerability could be exploited to gain control of a computer; without such discussion it is not possible to evaluate the risk posed by a vulnerability or to fashion an effective and comprehensive defense. Some commenters were concerned that, by subjecting vulnerability research, assessments, and testing to export licensing requirements including classification, screening, and other control elements, the control would limit the ability to fix and patch such vulnerabilities, leading to an overall decrease in the quality of cybersecurity. When vulnerabilities are discovered, they must be reported as soon as possible so that a fix can be developed. This process involves sharing not only the vulnerability and exploit, but also the technical information on how the exploits work, including the technology to develop them.

The commenters had many suggestions regarding how to address their concerns. The Administration will be reviewing all of them and many other ideas for how to address the policy objectives of the control but without unintended collateral harms. As I have said many times in response to questions about the rule, the only thing that is certain about the next step is that we will not be implementing as final the rule that was proposed. In working through this process, we will continue to seek input from those with expertise and equities in cyber security in both the U.S. government and the private sector before deciding in conjunction with its interagency partners what the next step should be. I thus welcome the Subcommittees’ inputs and am prepared to answer any questions you may have.”

Transition to the Refactored AESDirect System in ACE

Wednesday, February 3rd, 2016 by Danielle McClellan

(Source: census@subscriptions.census.gov, 14 Jan 2016)

This message is not intended for filers using AESWebLink and AESDirect EDI Upload. It is strictly for the attention of filers using the legacy AESDirect portal at aesdirect.census.gov and the AESPcLink application.

The Refactored AESDirect system in the Automated Commercial Environment was launched on November 30, 2015. Since that time, filers have submitted over 47,000 accepted shipments using the new system.

As part of the transition of AESDirect to the ACE Portal, the ability to file Electronic Export Information via legacy AESDirect at aesdirect.census.gov and the AESPcLink application will be terminated in stages over the next two months. All legacy AESDirect filers will be notified of their mandatory transition date to the Refactored AESDirect system upon login and be provided a specific date their account will be closed off based upon their Filer ID.

The dates for this transition are based upon the two-digit prefix of the Filer ID and accounts will be closed off from legacy AESDirect accordingly.

  • Prefixes 00-19 on 02/15/2016
  • Prefixes 20-39 on 02/22/2016
  • Prefixes 40-59 on 02/29/2016
  • Prefixes 60-79 on 03/07/2016
  • Prefixes 80-99 on 03/14/2016

Please make sure you have taken steps to begin filing in the Refactored AESDirect system in ACE prior to your mandatory transition date.

For more information regarding the transition, please see our AESDirect Transition to ACE – Refactored AESDirect page here.

For further information or questions, contact the U.S. Census Bureau’s Data Collection Branch.