Tips on Maintaining a High Automated Export System (AES) Compliance Rate

(Source: Global Reach Blog)

Have you wondered what it takes for your company to maintain a high AES compliance rate? The following tips can help.

(1) Maintain contact with your AES client representative

If your company has unresolved fatal errors and has been assigned a Data Collection Branch AES Fatal Error Team client representative to monitor them, work with the representative.  The client representative will send you an  . Best practice shows that by working with your Data Collection Branch AES representative to resolve and/or suppress any unresolved fatal errors in a timely manner, your company will be better enabled to maintain a high AES compliance rate.

(2) Check the shipment date 

Ensure that predeparture shipments are filed before the reported departure date according to the FTR 30.4(b). This will prevent “shipment filed late” compliance alerts from negatively affecting your company’s compliance rate. Specifically, if your company has a high number of compliance alerts this will have an impact on your compliance rate. Always verify that the departure date you report is correct.

(3) Check your contact information

Make sure that the Data Collection Branch has the most current AES administrator contact information for your company. AESDirect filers can update their contact information by logging into their account and non-AESDirect filers must contact the Data Collection Branch to request that their information be updated in the internal AES participants database.

If you are an AESDirect filer, you can update your contact email address by performing the following steps:

  • Log in to the account administrator’s AESDirect account at
  • Locate the Account Maintenance section. Click on the Update Account Profile link. (Only available under account administrator’s account)
  • Review the information currently on your profile. If changes are required, click on Update Account Profile. Click Continue.
  • Enter your current information. Click Continue.
  • Enter the new email address again in the “Confirm E-mail” field under the Administrator’s section. Make sure to scroll down to the bottom of the form and complete all fields. Click Continue.

For more information on maintaining your account.

If you encounter problems updating your AESDirect account profile information, contact the AESDirect Technical Help Desk at (877) 715-4433 or by e-mail at

If you are not an AESDirect filer, please perform the following steps:

  • Contact the Data Collection Branch on 1-800-549-0595, Menu Option 1 and provide your Filer ID to one of our AES client representatives so they may update your profile information.
  • Once the current contact information is updated, the new contact will start receiving the monthly AES Compliance and Fatal Error Reports. Please monitor your inbox closely to ensure that you receive the reports in the future. This will prevent your company from having any undeliverable or unattended AES Compliance and Fatal Error Reports.

For more information

For additional best practices, check out the AES best practices manual here.

If you have additional questions or concerns, please contact the ITMD call center at 1-800-549-0595 and choose menu option 1 for the Data Collection Branch

Should I STA or Should I Go (Use a Different License Exception)

By: Scott Gearity

When the Export Control Reform Initiative truly began to come into fruition last year, License Exception STA received a lot of attention. This, despite the fact that it is not a new exception, having been introduced more than two years earlier in 2011 to create what Under Secretary of Commerce Eric Hirschhorn called a “license free zone.” And in that two year period exporters had been getting accustomed to using License Exception STA to ship microwave solid state amplifiers (ECCN 3A001.b.4), thermal imaging cameras (ECCN 6A003.b) and other similarly sensitive products in situations which previously would have required an export license.

Now, actually using License Exception STA to export 600 series items is a whole other story, replete with frustrations involving additional limitations and conditions on top of this exception’s preexisting burdensome requirements. Less well-understood is that there are alternatives to License Exception STA short of an export license, even for exports of 600 series items. To begin with, some 600 series items are eligible for export No License Required, in particular shipments to Canada and those items in .y paragraphs (e.g. 9A610.y) everywhere except to China, Cuba, Iran, North Korea, Sudan and Syria. Some ground vehicles and ground vehicle parts and components (i.e. those classified in ECCN 0A606.b) are also NLR-eligible to a number of destinations (many European countries, Australia and Japan among them.)

Still, exporters will not be able to ship most 600 series hardware, software and technology NLR anywhere other than to Canada. But this does not mean that the only remaining options are License Exception STA or, failing that, a license. There are other EAR license exceptions which can authorize an export of a 600 series item. These are:

  • License Exception LVS (§740.3): This can be a useful authorization for low value shipments. Many existing 600 series hardware ECCNs are eligible for this exception at the $1,500 level. So if the destination for the export is in Country Group B (which is much larger than the list of STA-eligible destinations for 600 series items in Country Group A:5) and the net value of the order does not exceed $1,500, License Exception LVS may be a good option. (For the ITAR fans out there – the closest equivalent exemption to LVS in DDTC’s regulations is §123.16(b)(2).)
  • License Exception TMP (§740.9): If the export is intended to be temporary, consider whether this exception may be an option. Its provisions are generally available for 600 series items. (TMP stands in for several ITAR exemptions including §123.16(b)(5) and (9), §123.17(c) and (f)-(i) and §125.4(b)(9).)
  • License Exception RPL (§740.10): Have a customer who wants to send 600 series hardware back to the U.S. for repair or replacement? The return itself is not subject to the EAR (because the EAR does not regulate imports), but to send the repaired item or a one-for-one replacement for it back abroad, an appropriate authorization is required. That authorization could be License Exception RPL. Like License Exception LVS, the list of RPL-eligible destinations is much longer than that for License Exception STA. (The ITAR exemption at §123.4(a)(1) permits shipments in situations similar to those allowed by License Exception RPL .)
  • License Exception GOV (§740.11): Are you the U.S. Government? Would you like to export to the U.S. Government? Have you been told (in writing) by a U.S. government agency to make an export? Is your export consigned to and for the official use of an agency of a handful of “cooperating” governments? If the answer to any of these questions is “yes,” then License Exception GOV may be an option. (There are a slew of roughly equivalent ITAR exemptions to GOV including §125.(4)(b)(1) and (3), §125.(4)(c), §125.(5) and §126.4.)
  • License Exception TSU (§740.13): This exception is only for software and technology, but within that scope is one of the broadest in the EAR. It permits the export of operation technology and software related to lawfully exported hardware. And the “sales technology” provision may allow exports of technology classified in XE6XX ECCNs in response to RFPs or RFQs which previously might have had the exporter stopping to seek a DSP-5 marketing license or TAA (and maybe losing the contract thanks to the delay). License Exception TSU also includes an authorization of particular utility to universities. (Compare License Exception TSU to the ITAR exemptions at §125.4(b)(4), (5) and (10).)

Clearly, there are more options for exporting 600 series items than just STA and licenses. When considering using one of these license exceptions, always remember to carefully review not just the text of the exception itself, but also EAR §740.2 which contains general restrictions on the use of exemption.

BIS Seeks Input on Proposed Amendment to EAR: Replacing the term “Routed Export Transaction” with “Foreign Principal Party Controlled Export Transaction”

By: Brooke Driver

BIS recently released a proposed change to the EAR that would remove the term “routed export transaction” and replace it with “foreign principal party controlled export transaction” in order to better define export transactions in which the foreign buyer assumes responsibility for export licensing. In so doing, Commerce hopes to eliminate the confusion caused by the two different interpretations of “routed export transaction” as it appears in the EAR and the Foreign Trade Regulations. Comments on the proposed rule are due no later than April 7. The EAR define “routed export transaction” as a transaction in which the foreign party in interest agrees to terms of sale that include taking delivery of items inside the U.S. through an American agent and assuming responsibility for transporting those items from the U.S. to a foreign destination. In such cases, the U.S. provider may allow the foreign buyer to assume the task of determining the need for approval and acquiring licenses if necessary. BIS claims that some, however, have incorrectly interpreted the term within the context of the FTR to state that it is required that the USPPI allow the FPPI to assume licensing responsibility in all routed export transactions. The proposed term “foreign principal party controlled export transaction” would then describe a transaction in which the FPPI is responsible for the export of items subject to the EAR and also for fulfilling licensing requirements.

Under this new rule, the USPPI would be required to provide the FPPI and its agent, if prompted, with the ECCN of the product(s) involved in the transaction or sufficient technical information to determine the correct ECCN and any additional information that it knows may affect the determination of license requirements or export authorization. The FPPI would then need to authorize the USPPI to obtain from the U.S. agent the date of export, port of export, country of ultimate destination, destination port, method of transportation, specific carrier identification and export authorization.

To submit your comments, email

Top 5 Mistakes Exporters Make

By: Scott Gearity

Export compliance can be complicated, so you may ask yourself, “Am I doing this right?” Some mistakes that exporters make may be obvious and others could easily be overlooked. Knowing what these mistakes are and how to avoid making them is important because your compliance program and procedures are only as good as the worst mistakes that you may or may not make.

With apologies to David Letterman, these are the Top 5 mistakes exporters make:

   #5: Acting like selling to Saint Petersburg, Florida is the same as selling to St. Petersburg, Russia

Between the National Export Initiative, a relatively weak dollar, and sluggish domestic growth, seemingly everyone wants to be an exporter.

Can it be worth it? Absolutely, but you need to go about it the right way by identifying the compliance risks and taking effective measures to address them before you get in over your head.

   #4: Not classifying the things you export

That yellowing sticky note with “EAR99” scrawled on it does not a classification matrix make. There is simply no way to know how to focus your resources (or even what kind of resources you need) without first classifying products, technologies and other items which may be exported.

   #3: Not reporting your bribes

OK, I jest. Much better an exporter not make “alleged improper payments” (as The Wall Street Journal will inevitably describe them) in the first place. But if they do, they should prepare to experience the trend toward convergence of anti-corruption and export controls enforcement. Just ask BAE Systems, Shu Quan-Sheng and Titan Corporation, to name a few who found out the hard way.

   #2: Exporting to China without doing your homework

Reading the Justice Department’s Summary of Major U.S. Export Enforcement, Economic Espionage, Trade Secret and Embargo-Related Criminal Cases is a guilty pleasure on par with the best E.L. James has to offer. The astute reader cannot help but to notice that one particular word appears 275 times in this document. That word is China. Still, US exporters rang up $109 billion in sales to China just last year. By all means, grab a piece of that pie, but do it in a way which protects your organization.

   #1: Exporting to Iran. Period.

China is merely a supporting actor in comparison to another country which features even more prominently in the DOJ’s summary. Iran (475 mentions) continues its starring role as the number one US export enforcement target. Fortunately, there are steps exporters can take now to limit their exposure.

BONUS: Join ECTI February 5 for a practical discussion of what you can do to avoid the Top 5 Mistakes Exporters Make. This free 30-minute webinar will not solve all of your problems, but it will be packed full of thought provoking information that will force you to think about these critical challenges and understand some options for dealing with them. This webinar will also include a Q & A session for participants. Please join us by registering for the free webinar at

DTrade2 Updates: Reform and New Digital Certificate Requirements

By: John Black

DDTC has a notice on its website telling exporters that DTrade2 had been upgraded and new version 7.1 DSP application forms 5, 6, 61, 62, 73, and 74 are available for you to download and use. DDTC also has important guidance explaining that users must purchase and register a new SHA-256 digital certificate by December 31, 2013. For more information go to:

The Export Compliance Training Institute Announces Three New Seminars for Fall 2013

By: Jill Kincaid

Widely known as the leader for comprehensive and practical training on US export regulations (EAR, ITAR & OFAC), ECTI will launch three new programs in fall 2013.  All new programs have a focus on the recent Export Control Reform (ECR) changes and practical information for how companies can adapt and comply.

MASTERING AND IMPLEMENTING EXPORT CONTROL REFORM will be offered September 20, 2013 in Washington DC, and is a full-day of training on the details of reform.  Detailed course agenda can be viewed at and seminar webpage can be found at  John Black and Scott Gearity will lead this dynamic and essential training.

EU CONTROLS:  EXPORT CONTROLS & EMBARGOES ISSUES AND RISK (The Impact of EU, German and US Export Controls on European Companies) will be offered October 28-29, 2013 in Munich, Germany, and will apply the same comprehensive and practical approach that ECTI is known for to the EU and German export controls.  There will also be a session on US reformed controls as they apply to non-US companies.  Stephan Müller, John Black, Axel Junski & Stephan Morweiser will lead the instruction.  Details, agenda & registration:

ADVANCED ISSUES IN EXPORT CONTROLS:  COLLABORATIVE WORKSHOP: The long-awaited follow-up course to ECTI’s popular US Export Controls/ Defense Trade Controls seminar series is finally here. To be held November 19-20 in Washington DC, industry experts John Black, Scott Gearity, Greg Creeser & Jonathan Poling will lead this information-packed 2-day event tailored to export compliance practitioners who already possess a solid base knowledge of export controls.  Emphasis will be on reform changes, avoiding violations—and handling them when they occur—taking your compliance best practices to the next level, and case studies and exercises designed to help compliance professionals learn to better handle the more difficult export compliance challenges.  Details, agenda & registration:

State/DDTC Posts New Guidelines for Preparing Electronic Agreements

By: Brooke Driver

Effective April 22, 2013, the “Guidelines for Preparing Electronic Agreements” section of the ITAR has undergone extensive revision. Look at the Table of Contents for the stuff highlighted in yellow to find the updates.  Be sure to download and review the new procedures here:

3-D Printable Gun Defies Government Regulations

By: Brooke Driver and John Black

Few would deny that technology has transformed our world—and our vocabulary. New connotations for words we thought we knew multiply daily, like overly-friendly rabbits. Surf, Browse, Like, Post—it seems no verb is safe from accumulating multiple meanings. Cody Wilson, founder of Defense Distributed, recently proved that even words that are already associated with technology can collect meanings—in this case, Print. Typically, this verb is innocent, associated with work projects, school papers and the inevitable frustrating paper jam. However, ever-changing technological advancement, and Defense Distributed, has transformed the action of printing into something uncontrollably dangerous.

Wilson, a law student at the University of Texas, has invented a 3-D printable gun, which he calls the “Liberator,” an appropriate name, as the downloadable weapon signifies a freedom from government restrictions on gun ownership and manufacturing. The gun is composed of 16 parts, all of which (except the firing pen and an additional metal part) are made from a tough, heat-resistant plastic used in products such as musical instruments, kitchen appliances and vehicle bumper bars. The printable handgun is functional, if not high-quality. It is designed to fire standard rounds, and its interchangeable barrel can even accommodate different calibers.

On May 8th, Wilson received a letter from the State Department Office of Defense Trade Controls Compliance regarding the online blueprints for Defense Distributed’s 3-D-printable handgun, the so-called “Liberator,” and nine other 3-D printable firearm components. The letter demanded that Defense Distributed remove these blueprints, released on its website ( only three days before, until Department officials have reviewed the files for ITAR compliance. The Department letter did not charge anybody with any violations.  Instead, the letter just demanded the data be taken off the public servers.  We have not seen any information that the State Department has charged any of the websites that currently make the identical data freely available.

In December 1984 the State Department removed the ITAR requirement that said companies could not put ITAR controlled technical data into the public domain without prior US Government approval.  The ITAR says that once technical data is “public domain” there are absolutely no ITAR jurisdiction or restriction on the data.  Prior to the Reagan Administration days, companies were prohibited from putting technical data into the “public domain.”  For various reasons, in 1984 the State Department gave companies permission to put ITAR controlled tech data in the “public domain” and remove all export controls from the data.  The tricky thing is that the data has to meet the ITAR definition of “public domain,” which might not reflect a common sense assumption about what public domain means.

So why did the State Department not charge Wilson if what he did was illegal?  We do not know.  (But we do know it is easier to threaten and bully with a letter than to win a case in a legal proceeding.)  Why is the State Department not going after the others who have the identical data on their web site?  We do not know.  Why is the State Department not charging other companies that put other ITAR tech data on their web sites?  We do not know.

Deputy spokesman Pat Ventrell said, “Exports of non-automatic and semi-automatic firearms up to 50 caliber are controlled under the U.S. munitions list. In accordance with the Arms Export Control Act, any person who engages in the US in the business of manufacturing or exporting defense articles, furnishing defense services, or engages in arms brokering covered by the International Traffic in Arms Regulations (ITAR), is required to register with the state department.”

Pat Ventrell failed to mention that if your only action is creating technical data, you do not have to register.  Pat Ventrell failed to mention that “public domain” data is not a defense article in the first place.

Although Wilson plans to comply with the Department’s request, he also acknowledges the likelihood of its ultimate failure: “All such data should be removed from public access, the letter says. That might be an impossible standard. But we’ll do our part to remove it from our servers.” As Wilson implies, however, simply removing the files from the website will not erase them from public access; during the first two days the plans for the Liberator were available for download, 100,000 people downloaded them from a New Zealand-based storage service called Mega, created by ex-hacker and entrepreneur Kim Dotcom and obviously not subject to US regulations. The file may remain available for download on Mega’s servers. The blueprints for the 3-D printable gun have also made their way to the Pirate Bay, a censorship-resistant filesharing site.

Wilson claims that the company is legally protected from consequence through the  ITAR “public domain” exemption for non-profit public domain releases of technical files designed to create a safe harbor for research and other public interest activities. Defense Distributed can only qualify for this exemption if its files are stored in a library or sold in a bookstore, but, while his reasoning seems farfetched, Wilson argues that Defense Distributed fits that requirement, saying that files on the company’s site can be accessed through a library computer and that they have been sold in an Austin, Texas bookstore (which he conveniently declined to name, in order to protect the owner).

While Wilson might not quite understand ITAR “public domain” but he does point out the fact that the definition as it was revised in 1984 did not anticipate the existence of the internet as a method of sharing information.  The 1984 revision said you may make technical data “public domain” by handing it out at open conferences or trade shows in the United States, making it available in public libraries, or making it available in a bookstore but failed to include the internet—We assume that is because nobody knew what the internet would become.
Because “public domain” does not include the internet, many companies use the “library stretch” interpretation to justify putting their ITAR tech data on websites open to the public.  “Public domain” applies to technical data that is “generally accessible or available to the public” through any of the means in 120.11(a)(1) – (8).  120.11(a)(4) says “public domain” includes technical data generally accessible or available to the public “at libraries open to the public.”  The “library stretch” argues that if I can go into a library and see the information in a book or on the internet in a free to use PC in the library, it is accessible and thus “public domain.”  The “library stretch” is a reasonable and defendable interpretation, but it might not be literally what the ITAR says.

Maybe somebody should tell Wilson to get his tech data on a bookshelf so he can exactly meet the requirements of 120.11(a)(1).

Wilson does not consider the attempted censorship a defeat, stating that the government’s actions and its probable failure to suppress the Liberator help communicate the pitfalls of the current arms regulations system: “This is the conversation I want,” Wilson says. “Is this a workable regulatory regime?  Can there be defense trade control in the era of the Internet and 3D printing?”

An apt question and one that Wilson’s case seems to answer strikingly.

The full text of the letter:

United States Department of State
Bureau of Political-Military Affairs
Offense of Defense Trade Controls Compliance
May 08, 2013
In reply letter to DTCC Case: 13-0001444
[Cody Wilson’s address redacted]
Dear Mr. Wilson,
The Department of State, Bureau of Political Military Affairs, Office of Defense Trade Controls Compliance, Enforcement Division (DTCC/END) is responsible for compliance with and civil enforcement of the Arms Export Control Act (22 U.S.C. 2778) (AECA) and the AECA’s implementing regulations, the International Traffic in Arms Regulations (22 C.F.R. Parts 120-130) (ITAR). The AECA and the ITAR impose certain requirements and restrictions on the transfer of, and access to, controlled defense articles and related technical data designated by the United States Munitions List (USML) (22 C.F.R. Part 121).
The DTCC/END is conducting a review of technical data made publicly available by Defense Distributed through its 3D printing website,, the majority of which appear to be related to items in Category I of the USML. Defense Distributed may have released ITAR-controlled technical data without the required prior authorization from the Directorate of Defense Trade Controls (DDTC), a violation of the ITAR.
Technical data regulated under the ITAR refers to information required for the design, development, production, manufacture, assembly, operation, repair, testing, maintenance or modification of defense articles, including information in the form of blueprints, drawings, photographs, plans, instructions or documentation. For a complete definition of technical data, see 120.10 of the ITAR. Pursuant to 127.1 of the ITAR, it is unlawful to export any defense article or technical data for which a license or written approval is required without first obtaining the required authorization from the DDTC. Please note that disclosing (including oral or visual disclosure) or transferring technical data to a foreign person, whether in the United States or abroad, is considered an export under 120.17 of the ITAR.
The Department believes Defense Distributed may not have established the proper jurisdiction of the subject technical data. To resolve this matter officially, we request that Defense Distributed submit Commodity Jurisdiction (CJ) determination requests for the following selection of data files available on, and any other technical data for which Defense Distributed is unable to determine proper jurisdiction:
1.    Defense Distributed Liberator pistol
2.    .22 electric
3.    125mm BK-14M high-explosive anti-tank warhead
4.    5.56/.223 muzzle brake
5.    Springfield XD-40 tactical slide assembly
6.    Sound Moderator – slip on
7.    “The Dirty Diane” 1/2-28 to 3/4-16 STP S3600 oil filter silencer adapter
8.    12 gauge to .22 CB sub-caliber insert
9.    Voltlock electronic black powder system
10.    VZ-58 sight
DTCC/END requests that Defense Distributed submits its CJ requests within three weeks of the receipt of this letter and notify this office of the final CJ determinations. All CJ requests must be submitted electronically through an online application using the DS-4076 Commodity Jurisdiction Request Form. The form, guidance for submitting CJ requests, and other relevant information such as a copy of the ITAR can be found on DDTC’s website at
Until the Department provides Defense Distributed with the final CJ determinations, Defense Distributed should treat the above technical data as ITAR-controlled. This means that all such data should be removed from public access immediately. Defense Distributed should also review the remainder of the data made public on its website to determine whether any additional data may be similarly controlled and proceed according to ITAR requirements.
Additionally, DTCC/END requests information about the procedures Defense Distributed follows to determine the classification of its technical data, to include aforementioned technical data files. We ask that you provide your procedures for determining proper jurisdiction of technical data within 30 days of the date of this letter to Ms. Bridget Van Buren, Compliance Specialist, Enforcement Division, at the address below.

Office of Defense Trade Controls Compliance
PM/DTCC, SA-1, Room L132
2401 E Street, NW
Washington, DC 20522
Phone 202-663-3323
We appreciate your full cooperation in this matter. Please note our reference number in any future correspondence.
Glenn E. Smith
Chief, Enforcement Division

RH International, LLC and Owner Mohammad Reza Suffer $10,000,000 fine, 4 Years of Prison and 10 Years on the Denial List

By: Brooke Driver

On October 18, 2012, RH International, LLC, and its owner, Mohammed Reza Hajian, were convicted of violating the International Emergency Economic Powers Act. RH International was specifically accused of knowingly violating the IEEPA and the Iranian Transactions Regulations by exporting computer and related equipment from the United States to Iran through the U.A.E without attaining the necessary license from the Office of Foreign Assets Control.

Based on the facts that:

  • RH management purposefully violated customs laws and
  • The company did not disclose its violations to BIS

RH International was sentenced to:

  • 10-year denial of export privileges
  • 12 months of unsupervised probation
  • $400 fine

Because the company’s owner and operator plead guilty to direct involvement in and knowledge of RH’s violations, and because he had displayed—by exporting to Iran through the U.A.E.—an affinity for finding illegal loopholes, Reza was charged separately. To prevent Reza from exporting his products as an individual, rather than representative of RH, and to punish him for his actions the court sentenced him to:

  • 10 years on the Denied Persons List
  • 12 months of unsupervised probation
  • 48 months in prison
  • $100 assessment

As if these consequences weren’t severe enough, the court found a loophole of its own; instead of directly demanding a huge fine of RH International, prosecution chose to “reroute” that $10,000,000 fine to Reza himself, who will likely rethink attempting to hoodwink the US government in the future.

Chinese National in US Jailed for Six Years for Exporting ITAR Data

By: Brooke Driver

On March 25, 2013, Chinese national and former employee of L-3 Communications Holdings Dr. Sixing Liu paid a high price for stealing thousands of computer files that detailed the performance and design of US guidance systems for missiles, rockets and unmanned drones. Certainly this action alone would be enough to merit heavy consequences from the US government; however, Liu did not stop at simply stealing the files, but shared them at universities and government-organized conferences in his home country, apparently hoping to increase his chances of getting hired by a Chinese company.

Paul Fishman, the US attorney assigned to the case, believes that Liu’s nearly six-year prison sentence and conviction on 9 of the 11 counts against him (including possession of stolen trade secrets, violating the Arms Export Control Act and lying to federal agents) were well-deserved: “Instead of the accolades he sought from China, Sixing Liu today received the appropriate reward for his threat to our national security: 70 months in prison.” Unlike Fishman, Liu’s attorney, James Tunick, disagrees with the severity of the sentence, maintaining that the former L-3 employee “made a mistake by having these files on his computer,” but that “he surely did not intend to harm the interests of the United States.”

So, how can we avoid Liu’s fate?

  • Remember that certain files on personal computers require permits in order to be transported, so that laptop you take on an international flight to get some work done, and (let’s be honest) play Angry Birds is considered an export.
  • Action takes precedent over intention. You may not have purposefully violated export laws, but you will–all the same–be punished for those violations.

In other words, knowledge is your best protection.