Repeated Unauthorized Exports of Encryption Software Results in Significant Penalty Despite Voluntary Disclosure
On October 7, 2014, the U.S. Department of Commerce Bureau of Industry and Security (BIS) announced it had imposed a $750,000 civil penalty against Wind River Systems Inc., a provider of embedded software solutions for security, communications, and operating environments for a variety of industries including aerospace and defense.
Wind River, a subsidiary of Intel Corp., voluntarily disclosed that it had made 51 unlicensed exports of operating software, valued at nearly $3 million, to government end-users in China, Hong Kong, Russia, Israel, South Africa, and South Korea. Wind River also disclosed four unlicensed exports to Chinese end users named on the Entity List. The products at issue are classified as ECCN 5D002 and are controlled for national security purposes. These products are commonly referred to as "ENC-restricted" items that require a specific license to ship to government end-users in countries not named in Supplement 3 to 15 CFR Part 740. Exports of such products are authorized under License Exception ENC to non-government end-users in countries not listed in Supplement 3, as well as to any end users in Supplement 3 countries.
Although apparently the first penalty assessed for violation of these encryption controls, the Assistant Secretary of Commerce for Enforcement explained that penalties were appropriate in this case "because the violations were ongoing over a period of several years . . . This penalty should serve as a reminder to companies of their responsibility to know their customers and, when using license exceptions, to ensure their customers are eligible recipients."
For more information, please contact the professional(s) listed below, or your regular Crowell & Moring contact.