Re: [TSCM-L] {2449} Wikileaks censored

From: Rob Hommel <rho..._at_mad.scientist.com>
Date: Sun, 24 Feb 2008 02:24:39 -0500

>From - Sat Mar 02 00:57:22 2024
Received: by 10.42.158.4 with SMTP id f4mr7691512icx.4.1323983872028;
        Thu, 15 Dec 2011 13:17:52 -0800 (PST)
X-BeenThere: tscm-l2006_at_googlegroups.com
Received: by 10.231.180.209 with SMTP id bv17ls8595755ibb.1.gmail; Thu, 15 Dec
 2011 13:17:47 -0800 (PST)
Received: by 10.42.158.4 with SMTP id f4mr7690833icx.4.1323983867847;
        Thu, 15 Dec 2011 13:17:47 -0800 (PST)
Received: by 10.42.158.4 with SMTP id f4mr7690832icx.4.1323983867832;
        Thu, 15 Dec 2011 13:17:47 -0800 (PST)
Return-Path: <jm..._at_tscm.com>
Received: from smtpauth03.mfg.siteprotect.com (smtpauth03.mfg.siteprotect.com. [64.26.60.137])
        by gmr-mx.google.com with ESMTP id dn4si3079igb.2.2011.12.15.13.17.47;
        Thu, 15 Dec 2011 13:17:47 -0800 (PST)
Received-SPF: neutral (google.com: 64.26.60.137 is neither permitted nor denied by best guess record for domain of jm..._at_tscm.com) client-ipd.26.60.137;
Authentication-Results: gmr-mx.google.com; spf=neutral (google.com: 64.26.60.137 is neither permitted nor denied by best guess record for domain of jm..._at_tscm.com) smtp.mail=jm..._at_tscm.com
Received: from Waiting-For-A-Blue-Bird.local (unknown [71.174.30.9])
        (Authenticated sender: jm..._at_tscm.com)
        by smtpauth03.mfg.siteprotect.com (Postfix) with ESMTPA id 45771103801F
        for <tscm-..._at_googlegroups.com>; Thu, 15 Dec 2011 15:17:46 -0600 (CST)
Message-ID: <4EEA63F9.7010603_at_tscm.com>
Date: Thu, 15 Dec 2011 16:17:45 -0500
From: "James M. Atkinson" <jm..._at_tscm.com>
Reply-To: jm..._at_tscm.com
Organization: Granite Island Group
User-Agent: Thunderbird 3.0a1pre (Macintosh/2008022015)
MIME-Version: 1.0
To: tscm-l2006_at_googlegroups.com
Subject: ALL Sweeep Gear is an ITAR Item
Content-Type: text/plain; charset=windows-1252; formatowed
Content-Transfer-Encoding: 8bit

Please remember that if you have any piece of equipment that is used to
person TSCM, TEMPEST, or related inspections that the equipment, without
exception is an ITAR device, and you must get a special license to move
it across any international border, EACH TIME.

-jma




http://www.militaryaerospace.com/index/display/article-display/367164/articles/military-aerospace-electronics/volume-20/issue-8/features/special-report/itar-compliance-ignorance-is-no-excuse.html

ITAR compliance: ignorance is no excuse

Navigating the labyrinth of export compliance is difficult for many
companies regardless of their size. Those who fail to be vigilant may
face hefty fines and criminal charges as well as see their businesses fail.

By John McHale


Designing a product for the military today is much more than just
meeting a request for quotes or testing products to make sure they meet
stringent military environmental and performance standards.

Once designed, the integrated circuit, single-board computer, avionics
system, missile, or unmanned aircraft must be properly licensed by the
U.S. State Department under the International Trafficking in Arms
Regulations (ITAR) and other export compliance standards.

Complying to these regulations is just as complicated and detailed a
task for compliance officers and attorneys as designing fire control
system components is for defense electronics engineers. Failure is not
an option for either task, but in the case of ITAR compliance it could
result in multimillion dollar fines and even jail time for individuals
who knowingly violate the law.

ITAR, which has been in place since 1976, was put in place for U.S.
national security and other foreign policy objectives; therefore, the
government can impose criminal and civil penalties, points out Kay
Georgi, an export attorney and partner at the Arent Fox law firm in
Washington. The government, in fact, has been known to prosecute
individuals for willfully violating the ITAR or the Export
Administration Regulations, she says, yet �even an innocent mistake can
be the basis for very substantial civil fines and penalties.�


Penalties and enforcement

Civil and criminal penalties have grown since the terrorist attacks of
Sept. 11, 2001, but that is due less to the volatile conflicts around
the world and more to the fact that the U.S. Government has hired more
enforcement personnel, Georgi notes. �Better coordinated enforcement
between agencies and with the U.S. Department of Justice made export
enforcement a priority,� she continues.

This is only going to become more problematic today as commercial
companies, finding their own markets tanking, try to break into the
defense business. The defense industry is one of the few bright spots in
this economy and already designers of commercial technology are looking
for ways to attract military system integrators to their products.

�Export enforcement law and regulations are very complex,� says John
Hanson, director of Huron Consulting Group in Chicago and a former
federal agent. �The problem in this area is further exacerbated by
enforcement trends which only point to a large increase in civil and
criminal actions for the next few years.

�For example, a task force was formed in the latter part of 2007 that
has been educating federal prosecutors and agents regarding making cases
in this area,� Hanson continues. �Prior to this, there were not many
prosecutors taking these cases and very few agents focused on it, at
least in the Department of Justice. As this education spreads throughout
the 93 U.S. Attorney�s offices and their corresponding investigative
agencies, we will see much more scrutiny and many more cases.

�Add to this that the penalties for violations in this area were
significantly increased, to as much as $250,000 per violation in some
instances, and the pain becomes unbearable for many small and large
companies alike,� Hanson adds. Companies are also being required to
self-report violations or their problem is compounded, he notes.



Evolving regulations

As with any type of law, how the regulations are enforced or interpreted
depends on the person interpreting the laws, Georgi says. This is often
the case in commodity jurisdiction issues, she continues. Which
agency�State, Commerce, etc.�has jurisdiction depends on who is being
asked at the time, Georgi explains.

The key here is to make sure complete and correct information is
provided when doing a commodity jurisdiction request, otherwise it could
get placed in the wrong jurisdiction and the fault will be with the
company not the government, Georgi says. �It�s a case of garbage, in
garbage out,� she adds.

The laws and regulations do evolve and companies must keep abreast of
these changes, Georgi says. The State Department will update its U.S.
Munitions list but not as often as Commerce adjusts its Commerce Control
List (CCL), she continues.


Any technology used for space�commercial, NASA-related, or
defense�typically is ITAR controlled because it is integrated with
launch vehicles, such as the Titan, which automatically come under the
ITAR, say legal experts.

�The Bureau of Industry and Security (BIS) of the U.S. Department of
Commerce frequently updates the Export Control Classification Numbers
(ECCNs) on the CCL because major multinational agreements that govern
many of the ECCN controls are updated frequently, Georgi says.

It is also important to keep up with lists of which countries receive
friendly status and which are off limits, as well as which countries
that fall under U.S. sanctions and United Nations sanctions. There are
some countries that �are currently off limits, such as Iran, Cuba,
Syria, Sudan, and North Korea, for virtually all products and
technology, and those that are off limits for defense articles and
technology, such as China,� Georgi says.

Export compliance should not be an afterthought that you need to go
looking for, it should be part of your morning routine so to speak, says
Karen Jones, vice president of export controls at XE Corp. (formerly
Blackwater) in Moyock, N.C. �It�s the same when you go to brush your
teeth, your toothbrush is right where you need it,� no searching is
involved.

�People say to me, �this is so hard to set up;� I say, �Of course it is,
it�s export compliance,�� Jones says. �In response to export compliance
systems, people say �this is harder, not easier� these systems are not
particularly designed for ease, though if they are easy it is definitely
a benefit. They are designed for seamless compliance and what is hard
for you now makes compliance easier later.�

Most common ITAR mistakes

The ITAR is fraught with complications that make it easy for companies
to make mistakes if they are not vigilant. Georgi says she typically
sees about five areas where companies slip up.

The first most common mistake Georgi sees among small businesses new to
export compliance is the lack of any compliance program internally. They
need to invest money and training in one person internally to handle the
compliance process, she says.

Many businesses in this economy are so focused on sales that they do not
spend the appropriate time making sure all their products are properly
licensed, Georgi says.

Some companies also believe that having a compliance program on paper is
enough, which is a mistake, Georgi notes. �Their program is largely
ineffective because it does not tie in with actual company procedures or
because they don�t have the trained export compliance personnel to help
with issues,� Georgi says.

A third mistake that results in a vast number of violations is company
failure to classify long-term products as ITAR or Commerce controlled,
Georgi says. �Often I hear �we�ve been making this product for 50 years;
it�s OK,�� Georgi explains. �Well, it doesn�t matter how long you�ve
been making it, it still needs to be licensed or it is a violation.�

Another compliance oversight occurs when a �company has missed something
in their program�such as foreign national employees or foreign
procurement of controlled parts�or they don�t have controls that follow
shifting programs or products,� Georgi notes. She calls this situation
�ITAR creep��when the company thinks they have covered every angle, but
something sneaks up on them and they have a violation.

A fifth circumstance is when a company sees a potential export problem
with one of its orders, knows it is a red flag, but goes ahead anyway
because �they are so hot for the sale,� Georgi says. This very
dangerous, she adds.

�When you have a red flag, you need to stop and look into it,� Georgi
says. �In the ITAR world, you need to make sure you identify all the
potential problems.�

XE�s Jones says one of the biggest mistakes she sees companies make is
with their record keeping. They have a tendency to focus on getting the
license, but then fail to maintain their records, she continues.

They need to answer all the requirements, �show that they did what they
said they would do,� in case the government comes calling, Jones says.
�It�s a lot more comprehensive than a driving or fishing license. Even a
driving or fishing license has follow-on obligations�a munitions export
license is no different in that but more complex.�

Just knowing what the proper records are is still not enough, Jones
says. When doing export compliance, it is important to become intimately
familiar with the process that supports the generation of each record,
so that when someone wants to review or validate what you did, no one
has to scramble, she explains. �The records are right where you put them
for when you need them.�

Another area that requires close attention is writing product
descriptions for a license application, Jones says. Companies �need to
be aware of who their audience is. You need to look at it through the
eyes of a customs official. Just because it looks right to you, doesn�t
mean it will to them,� she adds.


The U.S. government assessed ITT Corp. with fines and forfeitures
totaling $100 million for providing night-vision technology to foreign
countries.

Prime contractors are set up well with large export compliance staffs
and systems, but in such large organizations miscommunications sometimes
happen, Jones says. Often someone will say �I didn�t know that was ITAR
controlled, or a defense item, etc.�

Also sometimes they are so focused on what is happening now they do not
plan for what may happen down the road with inventory that may be
exported a year or two years later, Jones says. They still get the
license and do the paperwork right, but find themselves scrambling at
the last minute because they lacked foresight, she adds.

At small corporations, people are often too busy and need to focus on
the definitions, Jones says. They need to understand �what they are
doing, and keep it simple, breaking the compliance process down into
simple elements.�

Officials at FLIR Systems, a designer of electro-optics and thermal
imaging systems in Beaverton, Ore., recognized that fact and took it a
step further at the Paris Air Show earlier this summer, says David
Strong, vice president of marketing at FLIR.

FLIR made up a brochure to give to all their employees outlining the
export compliance rules they were to follow while they were in Paris,
Strong says. The State Department �was impressed with how organized we
were,� he adds. However, Strong says he wishes the State Department
would loosen its controls. There are many foreign companies that �make
very high-quality products,� Strong says. �We need to be competitive
with them.�

Foreign nationals under ITAR

Another area that companies may not understand is where and when a
foreign national is allowed to be involved on defense technology
development.

�If they become U.S. citizens or permanent residents, they are no longer
foreign nationals and no license is required to work on unclassified
military projects,� Georgi says. But even if they are not a citizen or
permanent resident, it is fairly easy to get license to work on
unclassified programs, she adds. However, if they fall under the list of
proscribed nations, they will not get a license, she cautions. This list
does change from time to time depending on U.S. policy and politics, so
companies need to keep an eye on it, Georgi adds.

Countries such as China (for defense) and Iran (more broadly), however,
will probably not be coming off any time soon, Georgi notes.

Dual use

One ITAR compliance issue that can range from black and white to extreme
shades of gray is the concept of dual use�when a technology is used for
commercial and military applications.

Many dual-use cases are very simple. Missiles, for example, are on the
U.S munitions list, Georgi says. A laptop computer for commercial
applications, moreover, typically falls under dual-use and is not a
problem, she continues.

Where it can be murky is when an integrated circuit designed for
commercial applications is modified for an ITAR-controlled application,
Georgi says. Here, the company will have to ensure it does not need a
license; the company should not assume the IC is OK because it was
originally a commercial product.

�Intent is very important in these cases,� Georgi says. If the intent
was to design this product for the commercial market, but it ends up
unchanged in a military program, it typically will fall under dual-use
and not ITAR. Georgi warns, however, to �keep an eye on the Commerce
Control List as some integrated circuits are subject to high-level
Commerce controls.�

Do not go it alone

Lawyers like Georgi can be expensive, but consultants can help at lesser
cost or companies can invest internally on training of one or more
people to handle their export compliance, she says. They need to
identify in their own ranks someone who is not afraid of reading
regulations, such as the safety control or quality assurance manager,
Georgi says.

A good combination would be to train the internal person, send them to
export compliance classes and seminars, and then hire an outside
consultant or attorney to work with the internal person, Georgi notes.

Dean Young, the internal ITAR person and facility security officer at
Celestica Aerospace Technologies Corp. in Austin, Texas, says: find the
outside experts and �don�t be afraid to ask the tough questions.

�Organizations like the Society for International Affairs (SIA), the
National Classification Management Society (NCMS), and the ASIS are
great resources and can provide contacts or information regarding ITAR
or export compliance,� Young continues. �The SIA publishes manuals and
material related to ITAR. The SIA �Compliance Insiders: Toolkit for
Internal Compliance� is a great tool for any ITAR program. This toolkit
includes a great checklist that you can use to put an ITAR program into
place or improve the current program.�

Sometimes companies do hire law firms such as Arent Fox to advise them
on key strategic issues, such as voluntary disclosures and commodity
jurisdiction issues, which is not super expensive, Georgi says. Where
the costs go up is when �they say they don�t have the time and have me
do everything.�

�Don�t be afraid to call an attorney who specializes in export
compliance and law when you are confronted by issues regarding
compliance and legal issues,� Young advises. �They really can provide
proper guidance and keep you out of hot water.

�I would strongly advise companies to obtain expert assistance and
counsel as they consider moving into this area,� Hanson says. �It�s not
a cost that many companies like to pay, but the cost/risk ratio is too
high to not contemplate such proactive work gravely.�

Richard Schulman, vice president of quality at Columbia Tech in
Worcester, Mass., a contract engineering and manufacturing company that
just got into the defense industry in the last year, says they are
taking a conservative approach, even turning down requests for quotes if
they think it might be too risky for export compliance. �We hired a
consultant and went through some training,� and are looking into
possibly hiring a law firm, Schulman says. �Hiring the consultant was
the best decision we made,� he adds.

�It was brand new to us,� Schulman says. �We thought the registration
process was straightforward,� but got hit right off with a technicality
when we registered under the parent company and not the subsidiary doing
the work.

�It�s a time suck,� Schulman says. �I now spend 50 percent of my time on
ITAR instead of 100 percent on quality.�

Leadership

Leadership and management support��without it, a small program can fail
or struggle to be in compliance,� Young says. Celestica and its parent
company�s leadership and management have recognized the value of
supporting our security programs and understand the value of compliance.

�Too many times we have read about companies who have really struggled
or have been heavily fined for non-compliance,� Young continues. �As a
small facility, we simply cannot afford to be non-complaint to any
security regulation. Leadership and management work hard to ensure we
are compliant through support of external and internal training and
making sure all possible resources are available for a company to succeed.�

�Management commitment is critical to a successful program and the
management support here is very strong and the commitment to excellence
in export compliance is communicated at every level of the company to
our most remote operating locations,� XE�s Jones says. �We have the
benefit of our self-imposed Export Compliance Committee or ECC� that
provides �meticulous scrutiny on every element of our compliance
procedures, systems, and activities.�

How to set up an ITAR-compliance program

Kay Georgi, a partner with Arent Fox in Washington, provided the
following suggestions on how to set up an ITAR-compliance program.

The key elements are:

) having management issue a policy indicating the importance of
compliance and the consequences of non-compliance;
) establish a human reporting structure�who will handle what aspects of
compliance;
) register with the State Department and make sure you keep your
registration current;
) classify all known products and services, and set up a system for
classifying new products;
) set up a system for ensuring products and services subject to the ITAR
cannot be exported without a license, and bring business development
into that process to ensure that proposals to sell defense articles are
not made unless any approvals necessary are also obtained;
) establish a system for identifying ITAR-controlled technical data and
a control plan for controlling it: a) in hard copy; b) in soft copy on
computers, LANs, e-mail messages, etc. (involve your information
technology department for this); c) by business travel; and d) by visits
and meetings;
) involve human resources so that any licenses can be obtained for
foreign nationals;
) involve procurement to ensure that ITAR parts are not procured abroad
without ITAR review and licenses, if required;
) put in place record keeping procedures and reporting procedures;
) train employees on all of the above systems; and
) audit all of the above systems.

For more information on ITAR compliance, contact Georgi by e-mail at
geor..._at_arentfox.com or by phone at 202-857-6293.



High-profile ITAR violations and penalties

When a small company makes an ITAR violation, it does not typically make
a ripple in the news industry; however, over the years, there have been
a few cases that grabbed the world�s attention.

Export compliance made headlines in 2003 when Loral Space &
Communications Corp., Boeing, and Hughes Electronics allegedly provided
satellite launch rocket integration and failure analysis services in
China during the 1990s, says Kay Georgi, partner at the Arent Fox law
firm in Washington. Boeing acquired Hughes in the interim.

The problem was that the satellites themselves were commercial but the
launch vehicles are defense items and fell under the ITAR, Georgi says.
The process of integrating the satellites with the launch vehicles and
determining the causes of launch failure subjected the services to the
ITAR, she says.

In reaction to these investigations, Congress placed virtually all
commercial satellites and space equipment under ITAR controls, Georgi says.

The most high profile of fines hit ITT Corp. in 2007, she says.

ITT was charged with illegally transferring classified and
export-controlled, night-vision technology to foreign countries,
according to a Department of Justice (DOJ) letter from John Brownlee,
U.S. Attorney for the Western District of Virginia on the ITT case. The
company had to plead guilty to two felony charges and pay $100 million
in fines and forfeitures, according to the DOJ release.

ITT had to pay $100 million in fines forfeitures�$20 million fine to the
Department of State (DOS), $2 million statutory fine as part of the
guilty plea; $28 million forfeiture to the U.S. government�some of which
will be shared with state, local, and federal law enforcement agencies
for their work during this investigation and �$50 million in restitution
to the victims of their crimes� the American soldier,� stated the DOJ
document.


In 2008 Lockheed Martin was fined for providing classified and
unclassified technical data related to the Hellfire missile to the
United Arab Emirates.


DOJ suspended the $50 million fine for five years, during which ITT must
invest and develop night vision technology for the U.S. military and the
U.S. government maintains �Government Purchase Rights� to all technology
developed�meaning the government can share any of the ITT technology
with competing defense contractors for future contracts, the DOJ
document states. The money spent on the technology must also be approved
by the U.S. Army Night Vision & Electronic Sensors Lab in at Fort
Belvoir, Va. Any of the $50 million unspent after five years must be
paid to the U.S. government.

In 2008 Lockheed Martin and Northrop Grumman were also charged with
major ITAR violations. More information on ITT, Lockheed Martin, and
Northrop Grumman can be found on the State Department website at
http://www.pmddtc.state.gov/compliance/consent_agreements.html.

In 2008 the Department of State charged Lockheed Martin Corp. with
violations of the Arms Export Control Act and the ITAR for providing
classified and unclassified technical data related to the sales of
Hellfire missiles to the United Arab Emirates in 2003�2004.

The letter states that Lockheed Martin officials had thought that
�because the UAE already possessed inventory of the missiles an export
license to export the associated technical data (i.e., performance
specifications) must have already been in place.� The State Department
letter also states that Lockheed Martin took �steps to secure the return
of the classified material to the U.S.�

According to the State Department Order document Lockheed Martin had to
pay a civil fine of $4 million and provide full disclosure to the State
Department DOS.

Also in 2008 Northrop Grumman was nailed for unauthorized export of
controlled parts and technology for commercial inertial navigation
units, according the State Department Web site. According to the State
Department Order document on the website Northrop Grumman was ordered to
pay a civil fine of $15 million and an additional $5 million in remedial
compliance measures.

--
James M. Atkinson
President and Sr. Engineer
"Leonardo da Vinci of Bug Sweeps and Spy Hunting"
http://www.linkedin.com/profile/view?id178662
Granite Island Group
jm..._at_tscm.com
http://www.tscm.com/
(978) 546-3803

Received on Sat Mar 02 2024 - 00:57:22 CST