In the last edition of Castellum.AI’s Export Control Tracker, we provided a breakdown of the recent designations and delistings from the Commerce Department’s Bureau of Industry and Security’s (BIS) Denied Persons list, which designated seven individuals and delisted three. For this month, we’ll take a look at some recent enforcement actions and relevant announcements coming out of both the Commerce and Justice departments.

See the data for yourself — get a Castellum.AI account!

Yesterday Commerce announced that it will add four major cyber actors under its export controls list. Amongst those targeted is Israel’s NSO Group, which is responsible for creating and exporting the Pegasus military-grade spyware that has been used to spy on journalists, activists, and heads of governments from around the world. Commerce will also be designating Candiru, another Israel-based cyber firm; Positive Technologies, a Russia-based computer that was involved in the SolarWinds hack; and Computer Security Initiative Consultancy PTE. LTD, a Singapore-based cybersecurity consulting firm. The designation of the two Israeli entities signals that the United States will begin taking cyber offenses much more seriously, even if it disrupts its strategic security partnership with the Israeli government. 

On October 12th, Acting Assistant Secretary of Commerce for Export Enforcement, Kevin Kurland, announced an administrative settlement with VTA Telecom Corporation (VTA), a California-based company, to resolve allegations that it committed 6 violations of the Export Administration Regulations (EAR). VTA, a subsidiary of a Vietnamese state-owned telecommunications company, provided false information to BIS and other US agency officials, including on export licence applications and other documentation, in connection with the export of defence articles from the US to Vietnam. Between 2015 and 2016, VTA had knowingly acted in violation of the EAR by exporting or attempting to export a number of actuators, computer processing chips, transistors, and a ‘mass properties instrument’ back to Vietnam. 

In the aftermath of the Commerce Department tightening export restrictions last year against Huawei, Seagate Technology—a major U.S. data-storage equipment provider— has found itself in violation of the EAR after continuing to sell hard-disk drives to the Chinese state-owned enterprise. Seagate has allegedly provided over $800 million worth of annual purchases of hard-disk drives to Huawei. The violations surfaced following a recent Republican-led investigation by the Senate Committee on Commerce, Science, and Transportation into the matter—where pressure from the Committee continues to build in efforts to ensure greater enforcement of the EAR by the BIS. In August, Committee Ranking Member Senator Roger Wicker sent multiple letters to the BIS urging them to look into the matter. According to the Committee’s minority staff, the “response from the BIS failed to demonstrate that the agency is fulfilling its enforcement duties.” As momentum begins to grow by both the United States and its transatlantic partners in cooperating on export controls vis-à-vis China, proper enforcement and oversight will be critical to the success of these efforts. 

On October 22nd, two Florida residents were convicted by a federal jury for running an illegal exports scheme. Peter Sotis, 57, and Emilie Voissem, 45, attempted to export rebreather diving equipment to Libya in August 2016. Because its advanced capabilities—which allow divers to re-circulate their breath by replacing its carbon dioxide with oxygen all the while producing little to no bubbles—rebreathers are listed as a dual-use technology (having both civilian and military applications) and require a license to export. The two are scheduled to be sentenced in January 2022 and will subsequently be placed on BIS’s Denied Persons List.

Methodology

Castellum.AI obtains global sanctions information from primary sources, and then proceeds to standardize, clean and enrich the data, extracting key information like IDs and addresses from text blobs. Castellum.AI enriches as many as fifteen separate items per entry. This analysis is based on the enriched primary source data that populates our database. The database consists of over 900 watchlists, covering over 200 countries and six different categories (sanctions, export control, law enforcement most wanted, contract debarment, politically exposed persons, regulatory enforcement, and elevated risk). Castellum.AI checks for watchlist updates every five minutes directly from issuing authorities.

Castellum.AI shows the physical location of a designee, as provided by the US government. This information should be examined within the context of the entity’s legal registration within a respective country, which sometimes may actually be a branch of a multinational corporation that is headquartered elsewhere. For example, a Costa Rica listing is not necessarily that of a Costa Rican company, instead it is the local branch of Huawei - a multinational Chinese corporation. Additionally, a small number of entries have addresses that cannot be with high confidence assigned to a specific country, and as such are left blank.  For reasons both geographic and political, all entries related to Hong Kong have been consolidated into China. Northern Mali has been recategorized as Mali due to the mapping provider not having an option for Northern Mali. State Department DDTC is not mapped because State Department DDTC lists do not have any location information.

What Are Export Controls

Export controls are laws that regulate and restrict the release of critical technologies, information, and services to foreign nationals. Over 50 countries globally, from Argentina to Ukraine, have sophisticated export control regimes that focus on goods, technologies and locations. For example, carbon fiber from the United Kingdom cannot be exported to North Korea. But only the US and Japan have export watchlists that name individuals and entities, in addition to goods. Japan’s export control list, however, is very much driven by US listings, with over 65% overlap with US sanctions and export control lists; it also changes infrequently. For this reason, our export control tracker will initially focus only on US export control lists. Our goal is not just to analyze ongoing actions, but to measure and predict their impact. Each edition focuses on the previous month.

Want to be ahead of the headlines?

We have you covered. Sign up to receive data alerts and original insights from Castellum.AI