Calif.--Lend your smartphone to a friend, go to jail. Well, it's not quite
that drastic, but if that friend is a foreign national, the very act of handing
that phone over can violate U.S. technology-export compliance laws.
That's just one
of the sobering anecdotes that Larry Disenhof dishes out during his presentations
on the complex, sometimes arcane, but deadly serious world of export control
regulations. Disenhof, Cadence Group Director, Export Compliance & Government Relations, gave members of the EDAC
Consortium his latest
overview Wednesday (Sept. 18) here. (The presentation will be available on the EDAC
site, registration required).
Export Compliance Overview
anecdote: Disenhof (pictured right) made clear at the top of his presentation that information
he presents is subject to export review, depending on its content and who's in
"It's my job to know that I'm not
going to hand over technology, either verbally or whatever, to someone if it
cannot go to their country of citizenship. And this affects us every day of the
week because many of us have engineers working for us in the valley on H1B
visa. We need to understand what technology we're handing to them. If we do it
wrong, it's an export violation."
Not knowing is
costly: Fines start at $250,000.
"It adds up
very quickly, and I can tell you your legal fees are going to be 2-3X what your
fines are," Disenhof told the audience.
Here are some
highlights from Disenhof's detailed 90-minute presentation, starting with the
difference between export control and restriction. Disenhof said every
technology is controlled but few are restricted. Disenhof holds up his Logitech
wireless controller and notes that it's controlled if it's destined for a
country that the U.S. has sanctioned.
views on bureaucracy, export compliance is no laughing matter. Consider the case of Sixing
"Steve" Liu. The software engineer went through export compliance training at
his company, packed up some software and went to Shanghai for a trade show. He
was stopped at the Newark Airport upon return when customs officials noticed
the trade show logo among his belongings. He's doing six years in jail.
company is off the hook because the company had him take compliance
training," Disenhof said.
broadly speaking there are four main areas to focus on:
the nature of the technology you're handling and transferring, whether it's
physical or virtual
your end user
the end use
In the last
situation, consider Disenhof's example: If you're selling components to an Israeli
company whose product will end up in a missile that can travel more than 300km,
you need a license to sell your technology to that subcontractor. (Curiously,
you don't need the license in the same scenario when it involves a Russian
It's All About the Details
you buy a company, you need to screen it for export compliance because you buy
the violations if the company is out of compliance.
close attention to the notion of "deemed export" when releasing data
to a foreign national. At the time of
transfer, an export to their country of citizenship is "deemed" to take place. "This has become a big deal,"
Disenhof said because so many companies employ foreign nationals in customer
that make encryption technology (above 55 bit) that falls into restricted
categories needs to send reports to the U.S. every six months regarding where
they've shipped the technology (unless shipping intra-company). (Good news for EDA vendors is that
encryption that protects design software from piracy is not subject to export
control laws, thanks to some effective industry lobbying efforts 10 years ago).
As an aside on
the controversy over NSA surveillance of mobile phones and other digital
technologies, Disenhof said:
"Maybe we in the export world didn't
communicate this well enough but every time you register an encryption product
to get a license or just register that this product exists, one of the things
you have to do is send the NSA directly details about what that encryption
technology is. And this has been the law for dozens of years. There's no
surprise to any of us export people that they know all this stuff."
can be restricted items. "A lot of people are taking their IP, throwing them on
FPGAs and shipping them to customers," Disenhof said. "FPGA is restricted
technology because it can reprogrammed in the field, and the government doesn't
know what it's going to be."
submicron technology (14nm process technology for example) is not controlled. "When
you're talking to TSMC or GLOBAL FOUNDRIES about their process technology, the
funny thing is it's not controlled," Disenhof said. "It's what you're
doing with it that matters."
These are just
some of the highlights. Disenhof's presentation and a video of his talk will be
available on EDAC's site soon, and it's definitely worth your time. His slide
presentation is an excellent primer packed with links to relevant information
and sites for anyone responsible or concerned about whether his/her company is
following export control laws properly.
As a late
colleague of mine used to say, "nothing beats knowing."
--Moto X; Noyce Quits; China’s Chromecast (Great Reads 8-2-2013)
--Interview with Lip-Bu Tan, Part 1 – How Cadence is Positioned to Build Upon Success
--Interview with Lip-bu Tan, Part 2: Energizing the Electronics Industry