Categories
Export Control

Shenyang Institute of Automation (SIA) added to U.S. Government “Entity List”

The US government added the China Academy of Science – Shenyang Institute of Automation (SIA), to its “Entity List,” effective June 30, 2022. This action prohibits exports of any items, technology or software that is subject to the US export administration regulations.  This is a very broad prohibition. No license exceptions are applicable to potential exports to the Shenyang Institute, and license applications will be reviewed with a presumption of denial.

The action was taken because SIA both acquired and attempted to acquire U.S.-origin items in support of military applications, contrary to the national security or foreign policy interests of the United States. According to SIA’s website:

SIA is a comprehensive research institute. Its 11 research departments are devoted, respectively, to robotics, oceanic engineering, space automation and technology, optoelectronic technology, intelligent detection and equipment, information services and intelligent control, equipment manufacturing technology, industrial control networks and systems, autonomous underwater vehicles, and digital factories.

SIA is the supporting institute for over 10 national and provincial key laboratories and engineering centers, including the National Engineering Research Center on Robotics, the State Key Laboratory of Robotics, and the CAS Key Laboratory for Networked Control Systems.  […]

Since 1985, SIA has established exchange and collaboration programs with universities, research institutes and high-tech companies in the United States, Russia, Japan and various European countries. Nearly 100 SIA researchers travel abroad annually to participate in various exchange activities. The institute also actively recruits overseas talent to conduct research at SIA under the CAS Thousand Talents Program, the CAS Hundred Talents Program, and the CAS Visiting Professorship for Senior International Scientists Program, among others.

Please contact export@gmu.edu if your current research collaborations or proposed research collaborations involve SIA or the laboratories and engineering centers it supports, or if you are planning to invite a visitor to Mason from SIA, so we can help you navigate the new federal restrictions.

https://www.bis.doc.gov/index.php/documents/federal-register-notices-1/3043-public-display-version-of-entity-list-rule-on-public-display-and-effetive-6-28-22-scheduled/file

Categories
Export Control

BIS Assistant Secretary for Export Enforcement speaks at 2022 NACUA Annual Conference

FOR IMMEDIATE RELEASE
Bureau of Industry and Security

Office of Congressional and Public Affairs
Media Contact: ocpa@bis.doc.gov

Assistant Secretary for Export Enforcement Matthew S. Axelrod at the National Association of College and University Attorneys 2022 Annual Conference 

Pittsburgh, Pennsylvania
June 28, 2022

Export Enforcement Academic Outreach Initiative Policy Memo Available online here: https://bis.doc.gov/index.php/documents/enforcement/3040-academic-outreach-initiative-policy-memo-final/file

Remarks as Prepared for Delivery

Thank you, Ona, for that kind introduction. And thank you to the National Association of College and University Attorneys for hosting me today.  It’s terrific to be with all of you here in Pittsburgh.

In 1999, my wife, who had just graduated from business school, joined a small tech start-up in Cambridge, Massachusetts.  When friends and family would ask what the company did, she would dumb it down for them, saying simply, “we make websites download faster.”  Today, that explanation might not resonate.  But back in 1999, websites didn’t load instantly.  And the more photos or graphics they had, the longer they took.  So, the ability to make websites download faster was something even my parents could understand.  It was a service that was quickly adopted by some of the biggest websites in the country – sites like CNN and Yahoo.  And today, twenty-plus years later, that small start-up, Akamai Technologies, is the largest content delivery network in the world.

Akamai’s story is a profoundly American story.  A start-up venture with innovative technology that meets a pressing customer need, which grows over time into a major industry player.  But it’s a profoundly American story in another way as well – none of it would have ever happened if it weren’t for the collaborative environment of the American research university.

Akamai only exists because MIT exists.  It only exists because one MIT professor, Tim Berners-Lee, the inventor of the World Wide Web, challenged other MIT professors to see if they could help address the problem of slow Internet download speed.  It only exists because a MIT applied mathematics professor, Tom Leighton, then collaborated on that problem with his graduate students, one of whom, Danny Lewin, helped him come up with algorithms that routed web traffic more efficiently.  And it only exists because Leighton and Lewin then collaborated with a MIT business school student, Jonathan Seelig, to create a business plan to commercialize the algorithms.  They entered that plan in the business school’s annual $50K entrepreneurship contest.  They didn’t win the contest, but they did well enough to attract venture capital funding that turned the business plan into Akamai Technologies, a company that later went public with a market cap of over $13 billion.

I tell you that story not because it’s singular.  On the contrary, I tell it because it’s emblematic of the contributions of both professors and students, in collaboration, to incubate innovative ideas and entrepreneurial solutions.  Academic research institutions are a fundamental component of the scientific and technological success that forms the foundation of the American economy.  Our colleges and universities are where life-saving medicines are developed, scientific breakthroughs are made, and revolutionary technologies are invented.

That innovation is driven by this country’s open and collaborative academic environment. That open environment ensures that the best minds – from both the United States and abroad – can collaborate and share ideas.  We want international students to study here because a diverse, international talent pool strengthens our economic and technological competitiveness.  By some estimates, immigrants account for a quarter of the inventions and entrepreneurship that occur in the United States.  What’s more, it’s estimated that, during the 2020-2021 academic year, international students studying at U.S. colleges and universities contributed $28.4 billion to the U.S. economy and supported more than 300,000 jobs.

At the same time, however, this open collaborative environment at our academic research institutions can create important vulnerabilities to our national security.  American research universities aren’t just the envy of the world, they’re the envy of the parts of the world we consider adversaries.  Our foreign adversaries know how successful our research universities are at developing the latest and greatest technologies, or medicines, or scientific innovations.  They also know that, given the multitude of disciplines, heterogeneous makeup of professors and students, and open collaborative environment, a university’s technology and research controls may not be as robust as those of a for-profit corporation – even though the research being conducted at universities can be just as valuable (if not more so) as that being done at companies. In a world where even the most sensitive and valuable research can be exported with the click of a button, our research universities unfortunately present inviting and potentially vulnerable targets.  And it’s that tension – between the genius of our collaborative university research environment and the national security challenges that environment can present – that I want to explore with you today.

This year marks the 40th anniversary of the Bureau of Industry and Security’s Office of Export Enforcement, or OEE, which – thanks to President Biden, Secretary Raimondo, and the United States Senate – I now have the honor to oversee. For forty years, OEE Special Agents, aided by our intelligence analysts and export compliance specialists, have been on the frontlines of protecting U.S. national security, ensuring that sensitive U.S. goods and technologies aren’t falling into the wrong hands.  For much of those forty years, the focus was primarily on physical goods:  commodities capable of civilian use but also capable of use in conventional weapons or in weapons of mass destruction, such as nuclear weapons, missiles, and chemical or biological agents.

As the pace of technological development has increased, however, the national security threat has evolved – and so too have our areas of focus. While traditional threats of conventional arms and the proliferation of weapons of mass destruction remain ever-present, new and emerging technologies have now joined them as primary areas of concern for us.

Each year, the Office of the Director of National Intelligence, or ODNI, publishes the Intelligence Community’s Annual Threat Assessment, which details ODNI’s view of the gravest national security threats faced by the United States. In its most recent 2022 report, ODNI identifies the “rapid development of destabilizing technologies” as one of the “transnational challenges [that] stand out for the clear and direct threats they will pose to U.S. interests during the coming years.”  As the report further explains, “The increasing convergence of seemingly unrelated fields and the rise of global competition to generate and lock in advantage are leading to a global diffusion of emerging technologies, shrinking timelines for development and maturation of technologies, and increasingly blurred lines between commercial and military endeavors, particularly in fields with broad impact across societies and economies, such as artificial intelligence (AI), biotechnologies, robotics and automation, and smart materials and manufacturing.”

What this means is that technological development done at our research universities – work that can lead to the formation of companies like Akamai – can also increasingly lead to national security risks, especially because it can sometimes be difficult to determine the potential nefarious end uses of these nascent technologies until they are actually leveraged by malign foreign actors.  If we can’t effectively identify, control, and safeguard these emerging and potentially disruptive technologies, real national security risks result.

Let’s start with just one of those technologies, artificial intelligence, to illustrate the challenge.  AI technology has rapidly spread worldwide.  It has improved how we integrate information, analyze data, and make decisions.  Government, academia, and industry have all experienced its benefits.  Like all tools, however, AI can also be put to harmful uses.  AI-enabled surveillance tools have been developed that can monitor, track, and surveil people, thereby allowing authoritarian regimes to violate their citizens’ human rights.  There have been shocking headlines that describe how Chinese authorities have installed invasive mass-surveillance software in the Xinjiang province to track members of the Uyghur Muslim minority and map their relations with friends and families.  Other stories recount how Russian authorities are ramping up the use of AI in facial recognition technology to track opposition protesters to their homes and arrest them.

While these examples may seem distant from the research occurring on your campuses, some of the AI companies behind these tools of repression, companies such as iFlytek and SenseTime, have past ties to U.S. research universities.  Both companies are now on the Commerce Department’s Entity List, a list of parties that an interagency group has determined pose a significant risk of being involved in activities contrary to U.S. national security or foreign policy, and which means they can no longer easily access U.S. goods or technologies. But even before that legal hurdle was put into place, these companies were risky to deal with.  Risky because of their connection to Chinese military, intelligence, and police organizations.  But also risky to the reputations of universities who chose to engage with them.

And it’s not just AI where universities face potential reputational and legal risk when working with foreign parties on the latest technologies.  We had a recent case where a U.S. university received a grant from the National Science Foundation to establish a partnership with a foreign company, called CloudMinds, to develop a deep learning laboratory – that is, a laboratory that explores machine learning to analyze large data sets and develop prediction models.  While CloudMinds may have seemed innocuous at first, its products were later identified in open-source materials as directly supporting China’s military modernization efforts.  What’s more, the company’s owner had an associated company that was described as the Chinese government’s answer to DARPA, our defense agency that invests in technology development for national security purposes.  Once we informed the university of the national security risk, the university took steps to end the collaboration.  CloudMinds too is now on our Entity List.

Partnerships like this are just one of the ways foreign adversaries can attempt to gain access to cutting-edge research developments. Another involves attempts to exploit known relationships between U.S. universities and government research entities, such as Department of Defense-supported University Affiliated Research Centers, or UARCs.  UARCs – strategic DoD research centers affiliated with a university – are often where the emerging technologies of tomorrow are being incubated.  These nonprofit organizations are tasked with maintaining essential research and developing core capabilities in areas of particular importance to national defense.  DoD has been cataloguing unsolicited requests to UARCs made by foreign researchers, and by foreign-entity-linked shell companies here in the United States, for information about emerging technologies being developed at UARC facilities.  DoD has then been mapping those requests back to our adversaries’ strategic military technology gaps to see where there is overlap between those gaps and the information requests.  The preliminary results have been both illuminating and concerning given the volume of solicitations they’re seeing and the tactics that are being used to obscure foreign military affiliations.  For those of you whose institutions support UARCs, these dynamics raise particular challenges in implementing an effective compliance program over a broad swath of research activities and university personnel.

So now that I’ve attempted to describe the risks – both to your institutions and to our national security – what can we collectively do to help mitigate them?

The good news is that the vast majority of technology released in an academic setting is not subject to the Export Administration Regulations, or EAR, because it is released as part of classroom instruction or constitutes information that is tied to fundamental research.  While certain inputs to, and results of, fundamental research may be subject to the EAR, most information that is tied to fundamental research – basic and applied research that is ordinarily published and shared broadly within the scientific community – is not.

What those of us at Export Enforcement are particularly concerned about is proprietary research.  Proprietary research, which consists of research restricted from publication because it is considered confidential from a business or national security perspective, is generally controlled for either traditional export or “deemed export” purposes.  While a traditional export involves sending technology from the United States to another country, a “deemed export” involves the transfer of technology within the United States to a foreign national or non-permanent U.S. resident, through things like a briefing or hands-on laboratory research.  Under the EAR, if a license would have been required to send that technology to another country, then a “deemed export” license is generally required to release such technology in the United States to a professor, student, or visitor whose most recent citizenship or permanent residency is in a foreign country.

To minimize risk, academic research institutions need to have a sophisticated understanding of the EAR and how these rules apply to professors, students, staff, and visitors.  I highly encourage you to develop an Export Management Compliance Program, or EMCP, if you haven’t already done so.  Our Office of Exporter Services is available to advise you on the creation and implementation of EMCPs that are tailored to your specific needs.

Having an effective EMCP will help you integrate export control requirements into everyday operations, which in turn helps minimize risks of violations.  One key element of an EMCP involves a Technology Control Plan to safeguard sensitive information from unauthorized release.  Another is conducting a risk assessment before engaging with foreign parties, starting with the screening of those parties against the U.S. Government’s Consolidated Screening List – a list that, as the name suggests, combines all export-restricted parties identified by the Departments of Commerce, State, and Treasury in one place. In one past case of ours, a U.S. university was fined for exporting an atmospheric testing device to the Pakistan Space and Upper Atmosphere Research Commission, which was on the Entity List due to its involvement in Pakistan’s nuclear and missile activities.  Because of that Entity List status, the university was prohibited from shipping the device without a license, something the university could have easily determined had it conducted a screening check.

Another key element of an effective EMCP is having a system of information barriers and access controls in place to guard against the inadvertent release of controlled software or technology to specific faculty, staff, students, or visitors without the requisite license.  Examples of such information barriers include physical locks and access procedures for entrance to research areas with controlled technology, as well as restrictions on access to controlled electronic files and software using personal identification verification cards and passwords.

So those are a few suggestions for what you can do on your end.  But what about my end?  What can those of us at the Department of Commerce do?

The challenges of keeping our academic research environments thriving and our controlled information secure from improper foreign acquisition are significant.  That’s why I’m announcing today a new Export Enforcement initiative to help academic research institutions protect themselves from these threats.  This new “Academic Outreach Initiative,” which is described in further detail in a policy memorandum that I sent earlier today to all Export Enforcement personnel, and which we are also making public, contains four lines of effort:

First, we will strategically prioritize engagement.  While we are always available to any research university that wants our assistance, we will be specifically prioritizing for engagement those universities whose work has resulted in an elevated risk profile.  These are institutions that: (1) are involved in research and development for the U.S. Department of Defense; (2) have ties to foreign universities that are on the Entity List; or (3) are conducting research in sensitive technologies subject to the EAR (for example, applied laboratories conducting proprietary research on emerging technologies).

Second, we will assign “Outreach Agents” for prioritized institutions.  For prioritized universities that wish to partner with us, we will assign Export Enforcement agents to serve as “Outreach Agents,” so that each prioritized university has a dedicated point of contact.  Outreach Agents will seek to establish long-term partnerships with universities to help them prevent unauthorized exports, including improper releases of technology or source code.  Outreach Agents will seek to meet regularly with their university counterparts, not less than once per quarter.

Third, we will offer background briefings.  We know that research universities often benefit from having strong working relationships with foreign university or industry partners.  Those relationships can be important sources of collaboration and innovation.  Sometimes, however, those foreign partners can have ties to foreign governments, or other foreign actors, about which the university is unaware.  Where appropriate, our Outreach Agents will seek to brief their partner universities on known national security risks associated with specific foreign entities.

And, fourth, we will offer trainings.  For prioritized research institutions, we will offer trainings on how export controls apply in academic settings and on applicable national security threats.  In addition, our Outreach Agents will offer hands-on training to help ensure those institutions know how to vet potential partners to determine connections to parties on the Entity List or that are otherwise of concern.  Our colleagues in BIS’s Office of Exporter Services will be available to advise on establishing and implementing tailored EMCPs.  And we will provide a list of resources to help administrators, professors, staff, and students comply with the export rules.

In short, we at Export Enforcement are committed to partnering with you to protect national security and to maintain U.S. leadership in innovation and collaboration.  We are hopeful that the four prongs of our Academic Outreach Initiative will empower colleges and universities to prevent unauthorized exports, including releases of controlled technology, and to make informed judgments about their future and ongoing partnerships with foreign universities and companies.

I said earlier that the story of Akamai is a profoundly American story.  There’s one additional aspect of Akamai’s early years that – unfortunately – is part of our American story as well.  Danny Lewin, the MIT graduate student I mentioned who helped discover the algorithm that became the “secret sauce” of Akamai’s technology, co-founded the company in 1998.  He died just three years later, on September 11, 2001.  He was a passenger on American Airlines Flight 11 – the first of the four planes to be hijacked that day.  Lewin, who had grown up in Jerusalem and served in the Israel Defense Forces before coming to MIT for graduate school, used his military training to attempt to stop the hijackers from taking control of the airplane.  He died trying as he became one of the first people the terrorists murdered that day.

The national security threats facing the United States are real and they are persistent.  And while they have morphed significantly since that tragic day in 2001, they have not diminished.  They continue to demand our collective attention and resilience, for colleges and universities perhaps in a way even greater than ever before.  Twenty years after 9/11, the current ODNI threat assessment, which I referenced earlier, no longer lists terrorism as the preeminent national security threat.  Instead, it assesses that the most significant threats now come from nation-state actors – China, Russia, Iran, and North Korea foremost among them.  And because of the resources and strategic vision of these countries, they represent the most sophisticated threats to technology protection we have seen in OEE’s forty years of existence – including the protection of technology developed at your research institutions.

Thank you to NACUA for inviting me here today and to all of you for your work in keeping your institutions vibrant and secure.  It is my hope that BIS can serve as a resource to you going forward, to help protect the security of your institutions’ research while continuing to support the incredible innovation and collaboration for which our universities are deservedly renowned.

I’d be happy to take your questions.

Categories
Export Control

New Restrictions on the Export of Cybersecurity Items

The Commerce Department has placed new restrictions on the export of certain cybersecurity items that can be used for malicious cyber activities, including software, hardware, and technology specially designed to generate, command and control or deliver “intrusion software” as well as certain IP network communications surveillance tools.  These new restrictions are complex, and the determination of whether an item can be exported or shared with a foreign person depends upon the item, the destination, the end-user, and the end-use of the equipment.

  • Intrusion software refers to software that can avoid or defeat network-device monitoring tools and protective countermeasures and can either extract or modify data or modify a program to allow for externally provided instructions. The definition of intrusion software does not include hypervisors, debuggers and Software Reverse Engineering (SRE) tools; Digital Rights Management (DRM) software; and software designed to be installed by manufacturers, administrators or users, for the purposes of asset tracking or recovery.
  • IP network communications surveillance systems or equipment do not include those that are specially designed for marketing purposes, quality of service (QoS), or quality of experience (QoE).
  • The use of the terms “command and control” relating to this type of hardware is meant to narrowly control products only when used maliciously.

For more information see the Commerce Department’s FAQs: https://www.bis.doc.gov/index.php/documents/pdfs/2872-cyber-tools-le-ace-faqs-final-version-nov-2021/file

Under the new restrictions, an export license or license exception would be required for exports of such items to most countries, and no exports would be permitted to Cuba, Iran, North Korea or Syria.  There are also restrictions for exports to government and non-governmental end-users in several countries under various circumstances.  Finally, exports are not permitted where there is knowledge or reason to know that the cybersecurity item will be used to affect the confidentiality, integrity or availability of information or information systems without authorization of the owner, operator, or administrator of the information system.

The rule provides several carve-outs for certain legitimate cybersecurity technologies and activities, including those related to the provision of basic software updates and upgrades, vulnerability disclosure, cyber incident response, and for certain legitimate network monitoring tools.

If you need to ship or hand carry such equipment outside the U.S. or need to share technology associated with such equipment with foreign persons in the U.S., please contact export@gmu.edu so that we can provide you with guidance, maintain the proper documents for federal recordkeeping requirements, and, if required, assist with obtaining an export license.  Remember that, even if your projects are considered fundamental research, the export regulations still apply if you need to ship or hand carry equipment outside the U.S.

Categories
Export Control

Group People-to-People Educational Travel to Cuba Authorized

Effective June 9, 2022, the U.S. Government authorized group people-to-people educational travel to Cuba under certain, required conditions. Some of those conditions include engaging in a full-time schedule of activities that are intended to enhance contact with the Cuban people, support civil society in Cuba, or promote the Cuban people’s independence from Cuban authorities and will result in meaningful interactions with individuals in Cuba. Please note that individual people-to-people travel to Cuba is not authorized, nor are tourist activities.

Contact export@gmu.edu for more information or to discuss proposed travel. Specific requirements must be met to use this authorization, and the U.S. Government has documentation and recordkeeping requirements. Our office will help determine and document whether the proposed travel qualifies.

Categories
Export Control

DUO to Block Access to Countries or Regions Subject to U.S. Economic Sanctions

Starting May 5, 2022, DUO plans to block access to its service when it is accessed from countries or regions subject to U.S. economic sanctions, and to some countries, such as Sudan, that are no longer subject to sanctions.  These are the countries/regions where DUO will be restricting access, effective May 5th:

  • Cuba
  • North Korea
  • Iran
  • Sudan
  • Syria
  • Ukraine – regions including
    • Crimea region
    • Donetsk region
    • Luhansk region
    • Sevastopol region

Once DUO blocks service, users in these regions will see a DUO error message: “Access denied. DUO Security does not provide services in your current location.”

With DUO now required for access to Blackboard and Patriot Web (and any other University service that requires DUO authentication), individuals who travel to these countries/regions will not be able to use these services after May 5th.

If you are a student or faculty member who may be affected by DUO’s new blocking policy, please be aware of this issue if you intend to travel home for summer break and take appropriate actions before departing.  For students, if you are registered for Fall 2022 classes, you will not be able make changes to your classes via Patriot Web until you return to campus.

We have reached out to the Registrar’s office and the Office of International Programs and Services to let them know of this development so that they can assist affected students.

For questions, please contact export@gmu.edu.

Categories
Export Control

February 2022 Sanctions on Russia, Belarus, and several regions of Ukraine

In late February 2022, Eastern European political tensions intensified with the invasion of the Russian military into Ukrainian territory. Many international authorities have widely condemned these actions and have responded by issuing new sanctions with the intent to deter further escalation.  The United States has imposed sanctions on Russia, Belarus, and several regions of Ukraine, and on a number of companies and individuals.

Please contact our office at export@gmu.edu if your work involves any of the geographic regions covered by these new regulations.

On February 21, the White House issued an Executive Order that imposed comprehensive economic sanctions against the Donetsk (DNR) and Luhansk (LNR) regions of Ukraine. These areas are the easternmost regions of Ukraine, and were newly recognized as independent states by President Putin – coinciding with motivations to bring under the Russian government’s sphere of influence. This means that U.S. persons, and parties physically located in the United States, are now prohibited from exporting or importing any goods, services, or technology to these regions or to individuals in these regions. It also limits the facilitation of financial transactions.

On February 24, the United States then issued new economic sanctions and export controls against Russia in order to limit the ability to acquire advanced technologies. These controls apply broadly to a wide range of items including semiconductors, telecommunication, encryption security, lasers, sensors, navigation, avionics and maritime technologies.  The U.S. Government has expanded the export licensing requirements for Russia and has instituted a presumption of denial for these license requests.

On March 2, the restrictions levied against Russia were also expanded to include Belarus.

Additional Information:

https://home.treasury.gov/news/press-releases/jy0602

https://public-inspection.federalregister.gov/2022-04300.pdf?utm_source=federalregister.gov

Categories
Export Control

New Restrictions on the Export of Cybersecurity Items

The Commerce Department has placed new restrictions on the export of certain cybersecurity items that can be used for malicious cyber activities, including software, hardware, and technology specially designed to generate, command and control or deliver “intrusion software” as well as certain IP network communications surveillance tools.

  • Intrusion software refers to software that can avoid or defeat network-device monitoring tools and protective countermeasures and can either extract or modify data or modify a program to allow for externally provided instructions. The definition of intrusion software does not include hypervisors, debuggers and Software Reverse Engineering (SRE) tools; Digital Rights Management (DRM) software; and software designed to be installed by manufacturers, administrators or users, for the purposes of asset tracking or recovery.
  • IP network communications surveillance systems or equipment do not include those that are specially designed for marketing purposes, quality of service (QoS), or quality of experience (QoE).
  • The use of the terms “command and control” relating to this type of hardware is meant to narrowly control products only when used maliciously.

For more information see the Commerce Department’s FAQs:

https://www.bis.doc.gov/index.php/documents/pdfs/2872-cyber-tools-le-ace-faqs-final-version-nov-2021/file

 

Under the new restrictions, an export license or license exception would be required for exports of such items to most countries, and no exports would be permitted to Cuba, Iran, North Korea or Syria.  There are also restrictions for exports to government and non-governmental end-users in several countries under various circumstances.  Finally, exports are not permitted where there is knowledge or reason to know that the cybersecurity item will be used for certain malicious activities without authorization of the owner, operator, or administrator of the information system.

The rule provides several carve-outs for certain legitimate cybersecurity technologies and activities, including those related to the provision of basic software updates and upgrades, vulnerability disclosure, cyber incident response, and for certain legitimate network monitoring tools.

These new restrictions are complex, and the determination of whether an item can be exported depends upon the item, the destination, the end-user, and the end-use of the equipment.  If you need to ship or hand carry such equipment outside the U.S. or need to share technology associated with such equipment with foreign persons in the U.S., please contact export@gmu.edu so that we can provide you with guidance, maintain the proper documents for federal recordkeeping requirements, and, if required, assist with obtaining an export license.  Remember that, even if your projects are considered fundamental research, the export regulations still apply if you need to ship or hand carry equipment outside the U.S.

Categories
Foreign Support

U.S. universities retain ties to Chinese universities that support Beijing’s military buildup, new report says

**REPOSTED FROM NBC NEWS**
Dan De Luce
December 10, 2021
https://www.nbcnews.com/politics/national-security/us-universities-retain-ties-chinese-schools-support-chinas-military-bu-rcna8249


The relationships are entirely legal and American universities often tout their ties to “sister” Chinese universities as an academic strength.

Dozens of U.S. universities maintain ties to Chinese universities that conduct defense research in support of Beijing’s military buildup, including work related to the country’s nuclear weapons program, according to a new report released Thursday.

The partnerships are part of a broader effort by China to leverage its access to U.S. research institutions to acquire technology and knowledge that could benefit its expanding military, according to the report by the Foundation for Defense of Democracies think tank.

But the relationships are entirely legal and American universities often tout their ties to “sister” Chinese universities as an academic strength, providing students and scholars with an educational opportunity to collaborate and learn about Chinese language and culture.

The think tank report does not provide new evidence that U.S. universities have failed to safeguard sensitive, national security-related research, but it argues that policy makers and university administrators need to take a closer look at relationships with Chinese universities linked to Beijing’s military-industrial complex.

The U.S. government should establish “legal and regulatory guardrails to neutralize China’s ability either to acquire foundational knowledge or to access more sensitive research being conducted on U.S. college campuses,” the report said.

China was focused not only on classified or sensitive material but all relevant information that could bolster its military and technological might, said Craig Singleton, the report’s author.

“While the U.S. government often twists itself into knots determining what is classified or unclassified, the Chinese government often sees little-to-no distinction. Instead, Beijing is focused on collecting and harnessing any and all useful information to power its defense modernization,” Singleton said. “This includes everything from foundational knowledge taught on U.S. college campuses to cutting edge research, much of which is not technically classified but still has potential military applications.”

China’s embassy in the U.S. rejected the accusation that Beijing was trying to exploit academic cooperation between U.S. and Chinese universities.

Education exchanges and cooperation have helped enhance “mutual understanding” and have been “mutually beneficial, above-board and beyond reproach,” Chinese embassy spokesperson Liu Pengyu told NBC News in an email. “We urge relevant people in the U.S. to respect basic facts and stop making irresponsible remarks.”

The report said that not all collaboration between U.S. and Chinese universities poses a risk, and that the main problem was linked to a relatively small number of Chinese institutions that are conducting defense research. Of China’s more than 3,000 universities, roughly 90, or less than three percent, have direct ties to the country’s military and security establishment, according to the report.

The report, citing public documents, said three universities, Arizona State University, the University of Utah and Pacific Lutheran University in Washington state, have partnerships with Sichuan University, which appears on a U.S. government blacklist for allegedly supporting China’s nuclear weapons program.

The Commerce Department’s entity list identifies Sichuan as an “alias” for a Chinese center overseeing nuclear weapons research, the China Academy of Engineering Physics (CAEP).

Sichuan hosts at least three defense labs that focus on nuclear science and technology, physics and material sciences, according to the report, which cited public documents from China.

The University of Utah plans to “sunset” its Confucius Institute with Sichuan in June 2023, when the current contract expires, said university spokesperson Chris Nelson.

 But the university has not had any concerns about the institute “being a hub for espionage or propaganda,” Nelson said. The institute was initiated by former Utah governor Jon Huntsman after he finished his tenure as ambassador to China, Nelson added.

Other universities maintain ties to Chinese institutions linked to nuclear weapons research, according to the report.

Since 2014, the University of California at Santa Barbara has had a partnership with Shandong University, which works on China’s nuclear weapons program, according to the report.

A spokesperson for UC Santa Barbara said the school closed its Confucius Institute in June and “has no current or planned collaborations, partnerships or affiliations with Shandong University.”

Pacific Lutheran and Arizona State universities did not respond to requests for comment.

Stanford University has an agreement with Peking University, which has close links to the China Academy of Engineering Physics, a center for nuclear weapons research. Peking established a center with CAEP in 2017 on applied physics, and has acknowledged the center serves China’s defense goals, the report said.

A Chinese defense industrial agency has recognized Peking University’s work in nuclear physics, nuclear technology and nuclear chemical engineering as supporting China’s defense industry, according to the report. Peking University signed a strategic cooperation agreement with the Chinese navy in 2013.

Stanford University defended its partnership with Peking University, which includes a campus in China.

“We are vigilant to concerns about U.S. national security and our international engagement is guided by university policies and in compliance with federal regulations,” said Dee Mostofi, spokesperson for Stanford.

The Confucius Institute at Stanford, part of its partnership with Peking University, focuses on Chinese art, literature, history and culture, according to Mostofi. The institute operates without restrictions or influence by the Chinese government over personnel or the content of instruction, the spokesperson said.

The institute was set up with a one-time irrevocable gift from the Office of Chinese Language Council International and the university does not rely on any annual contributions from China, Mostofi said. “Because their contribution is an irrevocable gift, they have no leverage to infringe on academic freedom at Stanford, nor have they tried,” Mostofi said.

“Stanford continues to support the conditions that foster the discovery and dissemination of new knowledge, including the exchange of people and ideas with domestic and international collaborators,” she added.

China has funded the establishment of Confucius Institutes at college campuses across the U.S. and around the world, portraying them as a way to promote instruction in Chinese language and culture. But the U.S. government and lawmakers have labeled the institutes as vehicles for propaganda, and accused China of using the centers to restrict dissent among Chinese students abroad.

Congress has restricted Defense Department research funding for universities that host Confucius Institutes. The legislation and more scrutiny from politicians prompted the closure of dozens of institutes, with the number dropping from 113 to 34 since 2018, according to the report.

But among 78 universities that announced they were shutting their Confucius Institutes, 28 have maintained or expanded their relationships with Chinese sister universities, including many that have links to China’s defense industry, the report said.

Purdue University shut its Confucius Institute in 2019 but has kept its academic partnership with Shanghai Jiao Tong University (SJTU). The Chinese university hosts three defense laboratories, has an agreement with the Chinese military’s academy of military science for joint military research, and the dean and chief professor of its school of information security previously worked for the Chinese military, according to the report.

After receiving a briefing recently on the FDD report’s findings, Purdue reviewed its arrangements and canceled some of its programs with SJTU, including a doctorate-level program, according to the report.

“Several of the identified partnerships were either dormant or had not yet yielded any activity, and after extensive risk-based reviews, we formally terminated two agreements and shuttered a dual-degree program that had not yet begun accepting students,” Purdue University spokesperson Tim Doty told NBC News.

“Protection of national security is Purdue’s primary interest, and the university is a nationally recognized leader for its efforts in research security,” Doty said.

The university’s engagements were developed in accordance with U.S. government policies and regulations, and Purdue values its diverse international population of faculty, students and other scholars, he said.

He added, “We do not and will not hesitate to take action and exit any agreement which threatens national security.”

Texas A&M closed its Confucius Institute but has preserved its partnership with China’s Ocean University. The Chinese university has a secret-level Chinese security clearance, allowing it to conduct classified defense research. Ocean University has cooperative agreements with the Chinese navy and has collaborated with the navy’s submarine academy, according to the report.

A university spokesperson said programs that were not part of the Confucius Institute have continued to operate.

“Notably, they involved non-sensitive information such as climate simulation. This relationship is part of a much larger international program focused on gathering non-sensitive data for fundamental climate science,” the spokesperson said in an email.

“Texas A&M is committed to the highest level of research integrity and engagement of global partners. We embrace a culture that values diversity in thought and an environment that promotes innovation and creativity in research,” the spokesperson added.

Categories
Export Control

Department of Justice imposes financial penalties and employment restrictions on individuals for violating U.S. export control laws

In September 2021, three former U.S. Intelligence Community employees entered into a deferred prosecution agreement related to export control violations and other illegal activity.

More specifically, the individuals provided cyber services to a UAE government agency without the proper export authorizations from the U.S. Government. They also developed a “zero-click” computer hacking and intelligence gathering software that was successfully used to illegally obtain and use access credentials for online accounts issued by U.S. companies.

Under the deferred prosecution agreement, the individuals agreed to pay penalties ranging from $335,000 to $750,000; relinquished their security clearances, with a lifetime ban on future clearances; and are subject to certain lifetime employment restrictions.

For further Information:
https://www.justice.gov/opa/pr/three-former-us-intelligence-community-and-military-personnel-agree-pay-more-168-million

Categories
Export Control

Settlement Reached in Princeton Biological Material Export Control Violation

Princeton University paid a penalty of $54,000 after voluntarily disclosing to the Federal Government’s Bureau of Industry and Security (BIS) 37 occasions where it exported various genetic elements of animal pathogens without required export licenses.

Princeton’s unauthorized shipments occurred between November 2013 and March 2018, and involved the export of strains and recombinant materials to research institutions in Australia, Canada, China, India, Singapore, South Korea, and the U.K.  These items were controlled for Chemical and Biological Weapons reasons, and had a total value of approximately $27,000.

In addition to the financial penalty, Princeton is also required both to complete an internal export compliance audit and to hire an independent consultant at the University’s expense to conduct an external audit.  The university must report the results of these audits (including any actual or potential violations of the Export Administration Regulations) to BIS.

Princeton reportedly discovered these potential violations, voluntarily disclosed the information to BIS, and cooperated with all matters of the investigation to resolve the violation.  A press statement by BIS noted that self disclosure helps mitigate the penalties imposed when violations have occurred.

Additional Information:

https://www.bis.doc.gov/index.php/documents/about-bis/newsroom/press-releases/2716-princeton-university-press-release-final-updated-2021-02-02/file 

https://efoia.bis.doc.gov/index.php/documents/export-violations/export-violations-2021/1287-e2642/file 

Back