Presenting a live 90-minute webinar with interactive Q&A Export Controls and Cloud Computing: Legal Risks Complying with ITAR, EAR and Sanctions Laws When Using Cloud Storage and Services TUESDAY, APRIL 2, 2013 1pm Eastern | 12pm Central | 11am Mountain | 10am Pacific Today’s faculty features: Thaddeus R. McBride, Partner, Sheppard Mullin Richter & Hampton , Washington, D.C. Marynell DeVaughn, Vice President & Associate General Counsel, Alliant Techsystems , Arlington, Va. Scott W. Jackson, Director, International Trade Compliance, Pratt & Whitney , East Hartford, Conn. The audio portion of the conference may be accessed via the telephone or by using your computer's speakers. Please refer to the instructions emailed to registrants for additional information. If you have any questions, please contact Customer Service at 1-800-926-7926 ext. 10 .
Sound Quality If you are listening via your computer speakers, please note that the quality of your sound will vary depending on the speed and quality of your internet connection. If the sound quality is not satisfactory and you are listening via your computer speakers, you may listen via the phone: dial 1-866-320-7825 and enter your PIN when prompted. Otherwise, please send us a chat or e-mail sound@straffordpub.com immediately so we can address the problem. If you dialed in and have any difficulties during the call, press *0 for assistance. Viewing Quality To maximize your screen, press the F11 key on your keyboard. To exit full screen, press the F11 key again.
FOR LIVE EVENT ONLY For CLE purposes, please let us know how many people are listening at your location by completing each of the following steps: In the chat box, type (1) your company name and (2) the number of • attendees at your location Click the word balloon button to send •
Export Controls and Cloud Computing: Legal Risks Strafford Publications Webinar April 2, 2013 Marynell DeVaughn Thad McBride Scott Jackson
5 Agenda • Importance of compliance • What is cloud computing • Relevant regulatory regimes • Risk mitigation • Questions / discussion 5
6 Importance of Compliance
7 Importance of Compliance • Broad jurisdiction • Significant penalties • Vigorous enforcement 7
8 Broad Jurisdiction • U.S. law covers exports of U.S.-origin products and parts, wherever located • Action anywhere in the world that causes a violation of U.S. sanctions is itself a violation 8
9 Penalties • Civil and criminal fines • Im prison ment • Denial of export privileges 9
10 Vigorous Enforcement • The Departments of Commerce, Justice, State, and Treasury are actively pursuing violators of U.S. trade controls laws • In addition to penalties, there may be: seizure and forfeiture of goods prohibition of export of goods to a violator possible reputational damage 10
11 What is Cloud Computing?
12 Cloud Computing Definition Investopedia explains … Cloud computing is so named because the information being accessed is found in the "clouds", and does not require a user to be in a specific place to gain access to it. Companies may find that cloud computing allows them to reduce the cost of information management , since they are not required to own their own servers and can use capacity leased from third parties. Additionally, the cloud-like structure allows companies to upgrade software more quickly.
13 The Cloud defined . . . Simple The “cloud” in cloud computing can be defined as the set of hardware, networks, storage, services, and interfaces that combine to deliver aspects of computing as a service. Cloud services include the delivery of software, infrastructure, and storage over the Internet (either as separate components or a complete Image courtesy of webretina.com platform) based on user demand. Source: Cloud Computing For Dummies
14 The Cloud defined . . . Simpler http://www.youtube.com/watch?v=W4FlVgb64WY&feature=relmfu
15 The Cloud defined . . . Best Cloud Computing is the ability to use the power of other computers ( located somewhere else ) and their software, via the Internet (or sometimes other networks), without the need to own them. They are being provided to you, as a service . Source: http://gnoted.com/what-is-cloud-computing-simple-terms/
16 @Tokyo Data Center Basic facts: • Located in Koto-Ku, Tokyo • One of world’s largest • 1.4 million sq. ft. • Virtually 100% dedicated to server racks
17 Types of Cloud Services • Private Cloud ▫ Cloud infrastructure operated solely for a single organization ▫ May be managed internally or by a third-party and hosted internally or externally • Public Cloud ▫ Available to general public for free or on a pay-per-use model ▫ Access usually only via Internet • Hybrid Cloud ▫ Composition of two or more clouds that remain unique entities but are bound together ▫ Benefit of multiple deployment models Source: Wikipedia
18 Relevant Laws
19 Dual Use Exports • Items designed for commercial purposes • Licensing requirement is based on the item, destination, end- user, and end-use • Relevant law: Export Administration Regulations (EAR) • Regulator: U.S. Department of Commerce, Bureau of Industry and Security (BIS) • Jurisdiction follows the item: Entities and individuals outside the U.S. may be liable for re-exports 19
20 Defense Export Controls • Controls on items and technology specifically designed or modified for a military purpose • License or other specific authorization required for virtually all exports of defense articles, technical data, and services • Relevant law: International Traffic in Arms Regulations (ITAR) • Regulator: U.S. Department of State, Directorate of Defense Trade Controls (DDTC) 20
21 ITAR/EAR: Definition of “Export” ITAR EAR Sending or taking a defense article Actual shipment or transmission of [i.e., any item or technical data] out of items [i.e., commodities, software, or the U.S. in any manner technology] out of the U.S. Disclosing or transferring technical Release of technology or software to a data to a foreign person, in the U.S. or foreign national in the U.S. or in a abroad foreign country Performing a defense service on Furnishing technical behalf of, or for the benefit of, a assistance/service to a foreign foreign person, in the U.S. or in a national in the United States or in a foreign country foreign country
22 ITAR/EAR: Technical Information and Services ITAR EAR Technical data - information … Technology - Specific information required for the design, necessary for the development, development, manufacture … production, or use of a product. The testing … or modification of a information takes form of technical defense article data or technical assistance Technical data - e.g., blueprints, Defense service - furnishing plans, diagrams, engineering assistance (including training) to designs foreign persons…in the design, development, etc. of a defense Technical assistance - e.g., skills article; furnishing technical data to training, instruction, working foreign persons knowledge, consulting services ... may involve transfer of technical data
23 Economic Sanctions • Relevant Law: approximately 25 different U.S. sanctions regulations • Regulator: U.S. Treasury Department, Office of Foreign Assets Control (OFAC) 23
24 Sanctions (cont.) Jurisdiction over all U.S. persons • All U.S. citizens and residents, wherever located • All U.S.-organized, incorporated companies or entities • All persons in the United States, regardless of nationality • In case of Cuba and Iran, non-U.S. entities owned / controlled by a U.S. person also are subject to U.S. jurisdiction 24
25 Sanctions (cont.) Facilitation / Export of Services • U.S. person cannot facilitate or otherwise support activity that would be prohibited if performed by U.S. person • Providing a service anywhere may be prohibited if benefit of service is received by sanctioned party 25
26 Sanctions (cont.) IMPORTANT POINT: There can be liability for any person, regardless of nationality, who causes a violation 26
27 Regulatory Language on Cloud Computing • No definition of cloud computing in the relevant regulations -- Commerce-EAR, State-ITAR, or Treasury-OFAC regulations • Only Commerce Department (BIS) has provided official written advice through two Advisory Opinions • January 2009 • January 2011
28 BIS Advisory Opinion 1 – Jan 13, 2009 • Requested clarification regarding application of the EAR to grid and cloud computing services. • BIS Response: ▫ Providing computational capacity services is NOT an export and therefore NOT subject to the EAR. ▫ Shipping or transmitting software that is subject to the EAR to a foreign destination or to a foreign person IS an export subject to the EAR. ▫ Shipping or transmitting technology that is subject to the EAR to a foreign destination or to a foreign person (technical manuals, instructions, etc.) needed to use the computational service is an export subject to the EAR. ▫ Exporting controlled software or technology to and from the cloud is subject to the EAR. ▫ Because the service provider does not receive “primary benefit from the transaction”, NOT considered the exporter. ▫ The cloud USER is generally NOT the exporter because not located in the U.S.
Recommend
More recommend
